makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-25 19:38:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/security/235] Remove non trailing wildcards from search keywords

Browse source 
Database indexes are only used if wildcards are used at the end.
SECURITY-235
This commit is contained in:
Derky 2019-04-25 21:51:04 +02:00
parent 56060caa4c
commit fd195fba21
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
phpBB/phpbb/search/fulltext_native.php
View file

@ -305,6 +305,11 @@ class fulltext_native extends \phpbb\search\base
}
}
// Remove non trailing wildcards from each word to prevent a full table scan (it's now using the database index)
$match = '#\*(?!$)\b#';
$replace = '$1';
$keywords = preg_replace($match, $replace, $keywords);
// set the search_query which is shown to the user
$this->search_query = $keywords;