author | eliott <eliott@cactuswax.net> | 2008-04-05 00:14:04 -0400 |
---|---|---|
committer | Loui Chang <louipc.ist@gmail.com> | 2008-06-05 21:21:21 -0400 |
commit | cc1f323d3203271bdc3b34fb072e2d13350f55ba (patch) | |
tree | 583642158962484e26a4c0f7fccd3fadd84578df | |
parent | cad4689bc471a7db451bb1558ac39290c7c2a182 (diff) | |
download | aurweb-cc1f323d3203271bdc3b34fb072e2d13350f55ba.tar.xz |
Added AurJson query length limit.
Set a limit on the length of the query argument for searching.
A search of zero length returns a considerably sized result set.
Signed-off-by: eliott <eliott@cactuswax.net>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
-rw-r--r-- | web/lib/aurjson.class.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index be92c25..953f5ab 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -82,6 +82,10 @@ class AurJSON {
 * @return mixed Returns an array of package matches.
 **/
 private function search($keyword_string) {
+ if (strlen($keyword_string) < 2) {
+ return $this->json_error('Query arg too small');
+ }
+
 $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
 $query = sprintf(
 "SELECT Name,ID FROM Packages WHERE ( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' ) AND DummyPkg=0", |
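Review bot: The new `strlen($keyword_string) < 2` guard in `search()` bounds the input length but not the result size, because `mysql_real_escape_string()` does not escape the LIKE wildcards `%` and `_`, so a keyword of two or more wildcard characters still yields a pattern that matches every row, which is the case the commit message sets out to prevent. Escape them before the pattern is built, e.g. `$keyword_string = addcslashes($keyword_string, '%_');` right after the length check, and consider testing `strlen(trim($keyword_string))` so whitespace-only input is rejected as well. The visible part of the query carries no `LIMIT`; the statement and the rest of `search()` continue outside the hunk, so confirm whether the result set is capped there.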