commit: 8a73eb5f0ff912454e6479539f972081e54baa1c
Author: Derky <derky <AT> phpbb <DOT> com>
AuthorDate: Thu Apr 25 22:52:43 2019 +0000
Commit: Jimi Huotari <chiitoo <AT> gentoo <DOT> org>
CommitDate: Thu Apr 25 22:54:14 2019 +0000
URL: https://gitweb.gentoo.org/proj/forums.git/commit/?id=8a73eb5f
[ticket/security/235] Use whitespace instead of word boundary regex to remove
wildcards
This fixes removing the wildcard in the following search query: *.test
SECURITY-235
phpBB/phpbb/search/fulltext_native.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/phpBB/phpbb/search/fulltext_native.php
b/phpBB/phpbb/search/fulltext_native.php
index 478fe5616..1925623b8 100644
--- a/phpBB/phpbb/search/fulltext_native.php
+++ b/phpBB/phpbb/search/fulltext_native.php
@@ -306,7 +306,7 @@ class fulltext_native extends \phpbb\search\base
}
// Remove non trailing wildcards from each word to prevent a
full table scan (it's now using the database index)
- $match = '#\*(?!$)\b#';
+ $match = '#\*(?!$|\s)#';
$replace = '$1';
$keywords = preg_replace($match, $replace, $keywords);
