summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoreliott <eliott@cactuswax.net>2008-04-05 06:14:04 +0200
committerLoui Chang <louipc.ist@gmail.com>2008-06-06 03:21:21 +0200
commitcc1f323d3203271bdc3b34fb072e2d13350f55ba (patch)
tree583642158962484e26a4c0f7fccd3fadd84578df
parentcad4689bc471a7db451bb1558ac39290c7c2a182 (diff)
downloadaur-cc1f323d3203271bdc3b34fb072e2d13350f55ba.tar.gz
aur-cc1f323d3203271bdc3b34fb072e2d13350f55ba.tar.xz
Added AurJson query length limit.
Set a limit on the length of the query argument for searching. A search of zero length returns a considerably sized result set. Signed-off-by: eliott <eliott@cactuswax.net> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
-rw-r--r--web/lib/aurjson.class.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index be92c251..953f5aba 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -82,6 +82,10 @@ class AurJSON {
* @return mixed Returns an array of package matches.
**/
private function search($keyword_string) {
+ if (strlen($keyword_string) < 2) {
+ return $this->json_error('Query arg too small');
+ }
+
$keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$query = sprintf(
"SELECT Name,ID FROM Packages WHERE ( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' ) AND DummyPkg=0",