commit: fd195fba210c8625e968ef5553e61864747c8d44
Author: Derky <derky <AT> phpbb <DOT> com>
AuthorDate: Thu Apr 25 19:51:04 2019 +0000
Commit: Jimi Huotari <chiitoo <AT> gentoo <DOT> org>
CommitDate: Thu Apr 25 19:51:04 2019 +0000
URL: https://gitweb.gentoo.org/proj/forums.git/commit/?id=fd195fba
[ticket/security/235] Remove non trailing wildcards from search keywords
Database indexes are only used if wildcards are used at the end.
SECURITY-235
phpBB/phpbb/search/fulltext_native.php | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/phpBB/phpbb/search/fulltext_native.php
b/phpBB/phpbb/search/fulltext_native.php
index 9a6d62f9d..478fe5616 100644
--- a/phpBB/phpbb/search/fulltext_native.php
+++ b/phpBB/phpbb/search/fulltext_native.php
@@ -305,6 +305,11 @@ class fulltext_native extends \phpbb\search\base
}
}
+ // Remove non trailing wildcards from each word to prevent a
full table scan (it's now using the database index)
+ $match = '#\*(?!$)\b#';
+ $replace = '$1';
+ $keywords = preg_replace($match, $replace, $keywords);
+
// set the search_query which is shown to the user
$this->search_query = $keywords;
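Review bot: The pattern `#\*(?!$)\b#` has no `u` modifier, so `\b` by default only recognises ASCII word characters, and a `*` placed directly before a multibyte UTF-8 letter stays in `$keywords`. The full table scan this commit targets would then still be reachable for non-ASCII words, unless earlier code outside the hunk already normalises them. The replacement `'$1'` refers to a capture group the pattern does not define, and it only works because PHP substitutes an empty string for an unset reference. I would write `$match = '#\*(?!$)\b#u';` and `$replace = '';`, and check the result, because `preg_replace()` returns `null` on invalid UTF-8 under `u` and that value would otherwise be assigned to `$this->search_query`. The enclosing method starts and ends outside the hunk.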