diff options
| author | Max Kanat-Alexander <mkanat@bugzilla.org> | 2011-02-20 08:44:03 +0100 |
|---|---|---|
| committer | Max Kanat-Alexander <mkanat@bugzilla.org> | 2011-02-20 08:44:03 +0100 |
| commit | 60712d5d6f5db2a468bea0447744c06d5e8a487c (patch) | |
| tree | a067c48617f748d6543b6d2759cd6e5ccdccff5c | |
| parent | 6aad3a0979417a4e131a2ac45ceabfe840aa4af6 (diff) | |
| download | bugzilla-60712d5d6f5db2a468bea0447744c06d5e8a487c.tar.gz bugzilla-60712d5d6f5db2a468bea0447744c06d5e8a487c.tar.xz | |
Bug 632717: Limit the total number of results that a search can ever return.
r=mkanat, a=mkanat (module owner)
| -rw-r--r-- | Bugzilla/Config/Query.pm | 10 | ||||
| -rw-r--r-- | Bugzilla/Search.pm | 6 | ||||
| -rwxr-xr-x | report.cgi | 7 | ||||
| -rw-r--r-- | template/en/default/admin/params/query.html.tmpl | 5 |
4 files changed, 24 insertions, 4 deletions
diff --git a/Bugzilla/Config/Query.pm b/Bugzilla/Config/Query.pm index 821f09fc6..3513b12e3 100644 --- a/Bugzilla/Config/Query.pm +++ b/Bugzilla/Config/Query.pm @@ -71,8 +71,14 @@ sub get_param_list { name => 'specific_search_allow_empty_words', type => 'b', default => 1 - } - + }, + + { + name => 'max_search_results', + type => 't', + default => '10000', + checker => \&check_numeric + }, ); return @param_list; } diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index 224193fbc..2bd4c06c9 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -929,6 +929,12 @@ sub _sql_limit { my ($self) = @_; my $limit = $self->_params->{limit}; my $offset = $self->_params->{offset}; + + my $max_results = Bugzilla->params->{'max_search_results'}; + if (!$self->{allow_unlimited} && (!$limit || $limit > $max_results)) { + $limit = $max_results; + } + if (defined $offset and not defined $limit) { $limit = INT_MAX; } diff --git a/report.cgi b/report.cgi index 0fbb339f3..60067c7af 100755 --- a/report.cgi +++ b/report.cgi @@ -127,8 +127,11 @@ my @axis_fields = ($row_field || EMPTY_COLUMN, # Clone the params, so that Bugzilla::Search can modify them my $params = new Bugzilla::CGI($cgi); -my $search = new Bugzilla::Search('fields' => \@axis_fields, - 'params' => scalar $params->Vars); +my $search = new Bugzilla::Search( + fields => \@axis_fields, + params => scalar $params->Vars, + allow_unlimited => 1, +); my $query = $search->sql; $::SIG{TERM} = 'DEFAULT'; diff --git a/template/en/default/admin/params/query.html.tmpl b/template/en/default/admin/params/query.html.tmpl index c5bac6641..0c0ff6224 100644 --- a/template/en/default/admin/params/query.html.tmpl +++ b/template/en/default/admin/params/query.html.tmpl @@ -55,4 +55,9 @@ "Whether to allow a search on the 'Simple Search' page with an empty" _ " 'Words' field.", + max_search_results => + "The maximum number of $terms.bugs that a search can" + _ " <strong>ever</strong> return. Tabular and graphical reports" + _ " are exempted from this limit, however." + } %] |