From 60712d5d6f5db2a468bea0447744c06d5e8a487c Mon Sep 17 00:00:00 2001
From: Max Kanat-Alexander <mkanat@bugzilla.org>
Date: Sat, 19 Feb 2011 23:44:03 -0800
Subject: Bug 632717: Limit the total number of results that a search can ever
 return. r=mkanat, a=mkanat (module owner)

---
 Bugzilla/Config/Query.pm                         | 10 ++++++++--
 Bugzilla/Search.pm                               |  6 ++++++
 report.cgi                                       |  7 +++++--
 template/en/default/admin/params/query.html.tmpl |  5 +++++
 4 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/Bugzilla/Config/Query.pm b/Bugzilla/Config/Query.pm
index 821f09fc6..3513b12e3 100644
--- a/Bugzilla/Config/Query.pm
+++ b/Bugzilla/Config/Query.pm
@@ -71,8 +71,14 @@ sub get_param_list {
    name => 'specific_search_allow_empty_words',
    type => 'b',
    default => 1
-  }
-  
+  },
+
+  {
+    name => 'max_search_results',
+    type => 't',
+    default => '10000',
+    checker => \&check_numeric
+  },
   );
   return @param_list;
 }
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index 224193fbc..2bd4c06c9 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -929,6 +929,12 @@ sub _sql_limit {
     my ($self) = @_;
     my $limit = $self->_params->{limit};
     my $offset = $self->_params->{offset};
+    
+    my $max_results = Bugzilla->params->{'max_search_results'};
+    if (!$self->{allow_unlimited} && (!$limit || $limit > $max_results)) {
+        $limit = $max_results;
+    }
+    
     if (defined $offset and not defined $limit) {
         $limit = INT_MAX;
     }
diff --git a/report.cgi b/report.cgi
index 0fbb339f3..60067c7af 100755
--- a/report.cgi
+++ b/report.cgi
@@ -127,8 +127,11 @@ my @axis_fields = ($row_field || EMPTY_COLUMN,
 
 # Clone the params, so that Bugzilla::Search can modify them
 my $params = new Bugzilla::CGI($cgi);
-my $search = new Bugzilla::Search('fields' => \@axis_fields, 
-                                  'params' => scalar $params->Vars);
+my $search = new Bugzilla::Search(
+    fields => \@axis_fields, 
+    params => scalar $params->Vars,
+    allow_unlimited => 1,
+);
 my $query = $search->sql;
 
 $::SIG{TERM} = 'DEFAULT';
diff --git a/template/en/default/admin/params/query.html.tmpl b/template/en/default/admin/params/query.html.tmpl
index c5bac6641..0c0ff6224 100644
--- a/template/en/default/admin/params/query.html.tmpl
+++ b/template/en/default/admin/params/query.html.tmpl
@@ -55,4 +55,9 @@
     "Whether to allow a search on the 'Simple Search' page with an empty"
     _ " 'Words' field.",
 
+  max_search_results =>
+    "The maximum number of $terms.bugs that a search can"
+    _ " <strong>ever</strong> return. Tabular and graphical reports"
+    _ " are exempted from this limit, however."
+
 } %]
-- 
cgit v1.2.3-24-g4f1b