From fbf3e5405781f0f7ded67e99ab83bebc0737499d Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <lfleischer@archlinux.org>
Date: Thu, 28 Apr 2016 19:28:23 +0200
Subject: Add hard limit for the length of dependency lists

Introduce a configuration option max_depends which can be used to
specify a maximum number of (reverse) dependencies to display on the
package details pages.

Fixes FS#49059.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 conf/config.proto            |  1 +
 web/lib/pkgfuncs.inc.php     | 10 ++++++----
 web/template/pkg_details.php |  5 +++--
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/conf/config.proto b/conf/config.proto
index 560c705..64af774 100644
--- a/conf/config.proto
+++ b/conf/config.proto
@@ -21,6 +21,7 @@ aur_location = https://aur.archlinux.org
 git_clone_uri_anon = https://aur.archlinux.org/%s.git
 git_clone_uri_priv = ssh://aur@aur.archlinux.org/%s.git
 max_rpc_results = 5000
+max_depends = 1000
 aur_request_ml = aur-requests@archlinux.org
 request_idle_time = 1209600
 auto_orphan_age = 15552000
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index eaea318..4b0fdba 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -230,10 +230,11 @@ function pkg_providers($name) {
  * Get package dependencies for a specific package
  *
  * @param int $pkgid The package to get dependencies for
+ * @param int $limit An upper bound for the number of packages to retrieve
  *
  * @return array All package dependencies for the package
  */
-function pkg_dependencies($pkgid) {
+function pkg_dependencies($pkgid, $limit) {
 	$deps = array();
 	$pkgid = intval($pkgid);
 	if ($pkgid > 0) {
@@ -243,7 +244,7 @@ function pkg_dependencies($pkgid) {
 		$q.= "OR SUBSTRING(pd.DepName FROM 1 FOR POSITION(': ' IN pd.DepName) - 1) = p.Name ";
 		$q.= "LEFT JOIN DependencyTypes dt ON dt.ID = pd.DepTypeID ";
 		$q.= "WHERE pd.PackageID = ". $pkgid . " ";
-		$q.= "ORDER BY pd.DepName";
+		$q.= "ORDER BY pd.DepName LIMIT " . intval($limit);
 		$result = $dbh->query($q);
 		if (!$result) {
 			return array();
@@ -505,10 +506,11 @@ function pkg_source_link($url, $arch) {
  *
  * @param string $name The package name for the dependency search
  * @param array $provides A list of virtual provisions of the package
+ * @param int $limit An upper bound for the number of packages to retrieve
  *
  * @return array All packages that depend on the specified package name
  */
-function pkg_required($name="", $provides) {
+function pkg_required($name="", $provides, $limit) {
 	$deps = array();
 	if ($name != "") {
 		$dbh = DB::connect();
@@ -523,7 +525,7 @@ function pkg_required($name="", $provides) {
 		$q.= "LEFT JOIN DependencyTypes dt ON dt.ID = pd.DepTypeID ";
 		$q.= "WHERE pd.DepName IN (" . $name_list . ") ";
 		$q.= "OR SUBSTRING(pd.DepName FROM 1 FOR POSITION(': ' IN pd.DepName) - 1) IN (" . $name_list . ") ";
-		$q.= "ORDER BY p.Name";
+		$q.= "ORDER BY p.Name LIMIT " . intval($limit);
 		$result = $dbh->query($q);
 		if (!$result) {return array();}
 		while ($row = $result->fetch(PDO::FETCH_NUM)) {
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index 8b038b9..b9c66d4 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -5,6 +5,7 @@ $log_uri = sprintf(config_get('options', 'log_uri'), urlencode($row['BaseName'])
 $snapshot_uri = sprintf(config_get('options', 'snapshot_uri'), urlencode($row['BaseName']));
 $git_clone_uri_anon = sprintf(config_get('options', 'git_clone_uri_anon'), htmlspecialchars($row['BaseName']));
 $git_clone_uri_priv = sprintf(config_get('options', 'git_clone_uri_priv'), htmlspecialchars($row['BaseName']));
+$max_depends = config_get_int('options', 'max_depends');
 
 $uid = uid_from_sid($SID);
 
@@ -40,7 +41,7 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("Y-m-d", intval($
 $lics = pkg_licenses($row["ID"]);
 $grps = pkg_groups($row["ID"]);
 
-$deps = pkg_dependencies($row["ID"]);
+$deps = pkg_dependencies($row["ID"], $max_depends);
 
 usort($deps, function($x, $y) {
 	if ($x[1] != $y[1]) {
@@ -82,7 +83,7 @@ foreach ($rels as $rel) {
 	}
 }
 
-$requiredby = pkg_required($row["Name"], $rels_p);
+$requiredby = pkg_required($row["Name"], $rels_p, $max_depends);
 
 # $sources[0] = 'src';
 $sources = pkg_sources($row["ID"]);
-- 
cgit v1.2.3-54-g00ecf