author | Morten Linderud <morten@linderud.pw> | 2020-09-04 09:27:34 +0200 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2020-09-05 16:21:16 +0200 |
commit | 613364b773c6352ae17aea3d2a74786fe0ca607d (patch) | |
tree | e88f11e8f05911013a7f46292b086e15ed686cdb /web | |
parent | c4f4ac510be1898e6969d13dd4f37c0a3f807aff (diff) | |

pkg_search_page: Limit number of results on package search

The current package search query is quite poorly optimized and becomes a
resource hog when the offsets get large enough. This DoSes the service.

A quick fix is to just ensure we have some limit to the number of hits
we return. The current hardcoding of 2500 is based on the following:

* 250 hits per page max
* 10 pages

We can maybe consider having it lower, but it seems easier to just have
this a multiple of 250 in the first iteration.

Signed-off-by: Morten Linderud <morten@linderud.pw>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Diffstat (limited to 'web')
-rw-r--r-- | web/lib/pkgfuncs.inc.php | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 8c915711..80758005 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -619,7 +619,7 @@ function pkg_search_page($params, $show_headers=true, $SID="") { /* Sanitize paging variables. */ if (isset($params['O'])) { - $params['O'] = max(intval($params['O']), 0); + $params['O'] = bound(intval($params['O']), 0, 2500); } else { $params['O'] = 0; } @@ -771,9 +771,8 @@ function pkg_search_page($params, $show_headers=true, $SID="") { $result_t = $dbh->query($q_total); if ($result_t) { $row = $result_t->fetch(PDO::FETCH_NUM); - $total = $row[0]; - } - else { + $total = min($row[0], 2500); + } else { $total = 0; } |
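Review bot: In the first hunk (@@ -619,7 +619,7 @@), the upper bound passed in `bound(intval($params['O']), 0, 2500)` looks one page too high for the limit the commit message describes. With 250 hits per page and 10 pages, the last page starts at offset 2250; if `bound()` is inclusive at the top, an offset of 2500 is still accepted and can return rows past the 2500 that the second hunk reports as the total. Consider clamping to 2500 minus the page size, or clamping after the per-page value has been sanitized. `bound()` is not defined in the visible lines, so please confirm its argument order is (value, min, max). The literal 2500 also appears again in the second hunk; a single named constant or config option would keep the two limits from drifting apart.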
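Review bot: In the second hunk (@@ -771,9 +771,8 @@), `$total = min($row[0], 2500);` clamps the count only after `$dbh->query($q_total)` has already run, so the counting query still works over the full match set and its cost is unchanged by this patch. If the count query is part of the load problem described in the commit message, it needs its own limit in the SQL. The clamp also makes a capped search indistinguishable from one with exactly 2500 matches; keeping the real count in a separate variable, or setting a flag when the cap is hit, would let the page tell users the results were truncated. A short comment explaining where 2500 comes from (250 per page times 10 pages) would help here, since the reasoning currently lives only in the commit message.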