From fd195fba210c8625e968ef5553e61864747c8d44 Mon Sep 17 00:00:00 2001
From: Derky
Date: Thu, 25 Apr 2019 21:51:04 +0200
Subject: [PATCH] [ticket/security/235] Remove non trailing wildcards from search keywords

Database indexes are only used if wildcards are used at the end.
SECURITY-235
---
 phpBB/phpbb/search/fulltext_native.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php
index 9a6d62f9d8..478fe5616d 100644
--- a/phpBB/phpbb/search/fulltext_native.php
+++ b/phpBB/phpbb/search/fulltext_native.php
@@ -305,6 +305,11 @@ class fulltext_native extends \phpbb\search\base
 }
 }
+ // Remove non trailing wildcards from each word to prevent a full table scan (it's now using the database index)
+ $match = '#\*(?!$)\b#';
+ $replace = '$1';
+ $keywords = preg_replace($match, $replace, $keywords);
+
 // set the search_query which is shown to the user
 $this->search_query = $keywords;
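Review bot: The pattern in `$match` only strips a `*` that is immediately followed by a word character, so in a run of consecutive asterisks before a word only the last one is removed and a leading wildcard remains. Without the `u` modifier, a wildcard directly in front of a multibyte letter is presumably not matched at all. Consuming the whole run and matching in UTF-8 mode would close both gaps, `$match = '#\*+(?=\w)#u';`, with a check for the `null` that `preg_replace()` returns on malformed UTF-8 before the result is assigned to `$this->search_query`. The replacement `'$1'` refers to a capture group the pattern never defines and only works because PHP substitutes an empty string for it; `$replace = '';` says what is meant. The enclosing method starts and ends outside the hunk, so any earlier normalisation of `$keywords` is not visible here and should be confirmed rather than assumed.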