From: "Jimi Huotari"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jimi Huotari"
Message-ID: <1556221864.fd195fba210c8625e968ef5553e61864747c8d44.chiitoo@gentoo>
Subject: [gentoo-commits] proj/forums:origin/3.2.x commit in: phpBB/phpbb/search/
X-VCS-Repository: proj/forums
X-VCS-Files: phpBB/phpbb/search/fulltext_native.php
X-VCS-Directories: phpBB/phpbb/search/
X-VCS-Committer: chiitoo
X-VCS-Committer-Name: Jimi Huotari
X-VCS-Revision: fd195fba210c8625e968ef5553e61864747c8d44
X-VCS-Branch: origin/3.2.x
Date: Sat, 4 May 2019 05:20:03 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 2b7b96a8-8004-49b7-8d8c-23b85758d795
X-Archives-Hash: 4dc0c5ae49e730bf8620d79b4cb9c57a

commit:     fd195fba210c8625e968ef5553e61864747c8d44
Author:     Derky phpbb com>
AuthorDate: Thu Apr 25 19:51:04 2019 +0000
Commit:     Jimi Huotari gentoo org>
CommitDate: Thu Apr 25 19:51:04 2019 +0000
URL:        https://gitweb.gentoo.org/proj/forums.git/commit/?id=fd195fba

[ticket/security/235] Remove non trailing wildcards from search keywords

Database indexes are only used if wildcards are used at the end.

SECURITY-235

 phpBB/phpbb/search/fulltext_native.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php
index 9a6d62f9d..478fe5616 100644
--- a/phpBB/phpbb/search/fulltext_native.php
+++ b/phpBB/phpbb/search/fulltext_native.php
@@ -305,6 +305,11 @@ class fulltext_native extends \phpbb\search\base } } + // Remove non trailing wildcards from each word to prevent a full table scan (it's now using the database index) + $match = '#\*(?!$)\b#'; + $replace = '$1'; + $keywords = preg_replace($match, $replace, $keywords); + // set the search_query which is shown to the user $this->search_query = $keywords;
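Review bot: `$replace = '$1'` refers to a capture group that `$match = '#\*(?!$)\b#'` never defines, so the removal only works because preg_replace() substitutes an empty string for a missing group; please make it `$replace = '';` (or pass `''` directly) so the intent is explicit and a later edit that adds a group to the pattern does not silently start re-inserting text. Two smaller points on the same added lines. The comment says "from each word", but `(?!$)` checks the end of the whole `$keywords` string, not of each word; the per-word behaviour comes from `\b`, which only matches when the asterisk is directly followed by a word character, so the lookahead looks redundant and the comment should say which of the two is doing the work. The pattern also has no `u` modifier, so `\b` is evaluated on bytes with the default word class; it would be worth a unit test that covers a leading wildcard, a mid-word wildcard, a trailing wildcard that must be kept, and a keyword starting with a multibyte character, to confirm each case leaves only index-friendly trailing wildcards. Finally, preg_replace() returns null on a PCRE error and the result is assigned straight back to `$keywords` and then to `$this->search_query`; a null check before the assignment would keep a regex failure from turning into an empty search.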