summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMax Kanat-Alexander <mkanat@bugzilla.org>2011-02-20 08:44:03 +0100
committerMax Kanat-Alexander <mkanat@bugzilla.org>2011-02-20 08:44:03 +0100
commit60712d5d6f5db2a468bea0447744c06d5e8a487c (patch)
treea067c48617f748d6543b6d2759cd6e5ccdccff5c
parent6aad3a0979417a4e131a2ac45ceabfe840aa4af6 (diff)
downloadbugzilla-60712d5d6f5db2a468bea0447744c06d5e8a487c.tar.gz
bugzilla-60712d5d6f5db2a468bea0447744c06d5e8a487c.tar.xz
Bug 632717: Limit the total number of results that a search can ever return.
r=mkanat, a=mkanat (module owner)
-rw-r--r--Bugzilla/Config/Query.pm10
-rw-r--r--Bugzilla/Search.pm6
-rwxr-xr-xreport.cgi7
-rw-r--r--template/en/default/admin/params/query.html.tmpl5
4 files changed, 24 insertions, 4 deletions
diff --git a/Bugzilla/Config/Query.pm b/Bugzilla/Config/Query.pm
index 821f09fc6..3513b12e3 100644
--- a/Bugzilla/Config/Query.pm
+++ b/Bugzilla/Config/Query.pm
@@ -71,8 +71,14 @@ sub get_param_list {
name => 'specific_search_allow_empty_words',
type => 'b',
default => 1
- }
-
+ },
+
+ {
+ name => 'max_search_results',
+ type => 't',
+ default => '10000',
+ checker => \&check_numeric
+ },
);
return @param_list;
}
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index 224193fbc..2bd4c06c9 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -929,6 +929,12 @@ sub _sql_limit {
my ($self) = @_;
my $limit = $self->_params->{limit};
my $offset = $self->_params->{offset};
+
+ my $max_results = Bugzilla->params->{'max_search_results'};
+ if (!$self->{allow_unlimited} && (!$limit || $limit > $max_results)) {
+ $limit = $max_results;
+ }
+
if (defined $offset and not defined $limit) {
$limit = INT_MAX;
}
diff --git a/report.cgi b/report.cgi
index 0fbb339f3..60067c7af 100755
--- a/report.cgi
+++ b/report.cgi
@@ -127,8 +127,11 @@ my @axis_fields = ($row_field || EMPTY_COLUMN,
# Clone the params, so that Bugzilla::Search can modify them
my $params = new Bugzilla::CGI($cgi);
-my $search = new Bugzilla::Search('fields' => \@axis_fields,
- 'params' => scalar $params->Vars);
+my $search = new Bugzilla::Search(
+ fields => \@axis_fields,
+ params => scalar $params->Vars,
+ allow_unlimited => 1,
+);
my $query = $search->sql;
$::SIG{TERM} = 'DEFAULT';
diff --git a/template/en/default/admin/params/query.html.tmpl b/template/en/default/admin/params/query.html.tmpl
index c5bac6641..0c0ff6224 100644
--- a/template/en/default/admin/params/query.html.tmpl
+++ b/template/en/default/admin/params/query.html.tmpl
@@ -55,4 +55,9 @@
"Whether to allow a search on the 'Simple Search' page with an empty"
_ " 'Words' field.",
+ max_search_results =>
+ "The maximum number of $terms.bugs that a search can"
+ _ " <strong>ever</strong> return. Tabular and graphical reports"
+ _ " are exempted from this limit, however."
+
} %]