Bug 18854 - Protect from DOS
There was a bug that meant a very large offset in the search params will cause the search script to run forever (or long enough to crash the machine) To test 1/ Get ready with sudo top so you can kill the thread before it causes your machine to OOM 2/ Hit a page like yourdomain.com/cgi-bin/koha/opac-search.pl?q=1&offset=-9999999999999999999 3/ Notice the process runs for a long time 4/ Kill the process 5/ Apply the patch 6/ Hit the page again, notice the it loads (offset is set to zero) 7/ Do the same to search in the staff client Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Amended: changed -2 to 0 in opac-search.pl. Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This commit is contained in:
parent
068db9aaab
commit
99b32717cd
2 changed files with 2 additions and 0 deletions
|
@ -449,6 +449,7 @@ my $scan = $params->{'scan'};
|
|||
my $count = C4::Context->preference('numSearchResults') || 20;
|
||||
my $results_per_page = $params->{'count'} || $count;
|
||||
my $offset = $params->{'offset'} || 0;
|
||||
$offset = 0 if $offset < 0;
|
||||
my $page = $cgi->param('page') || 1;
|
||||
#my $offset = ($page-1)*$results_per_page;
|
||||
my $hits;
|
||||
|
|
|
@ -521,6 +521,7 @@ my $count = C4::Context->preference('OPACnumSearchResults') || 20;
|
|||
my $countRSS = C4::Context->preference('numSearchRSSResults') || 50;
|
||||
my $results_per_page = $params->{'count'} || $count;
|
||||
my $offset = $params->{'offset'} || 0;
|
||||
$offset = 0 if $offset < 0;
|
||||
my $page = $cgi->param('page') || 1;
|
||||
$offset = ($page-1)*$results_per_page if $page>1;
|
||||
my $hits;
|
||||
|
|
Loading…
Reference in a new issue