Koha/catalogue
Chris Cormack 99b32717cd Bug 18854 - Protect from DOS
There was a bug that meant a very large offset in the search params
will cause the search script to run forever (or long enough to crash
the machine)

To test

1/ Get ready with sudo top so you can kill the thread before it causes
your machine to OOM
2/ Hit a page like yourdomain.com/cgi-bin/koha/opac-search.pl?q=1&offset=-9999999999999999999
3/ Notice the process runs for a long time
4/ Kill the process
5/ Apply the patch
6/ Hit the page again, notice the it loads (offset is set to zero)
7/ Do the same to search in the staff client

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: changed -2 to 0 in opac-search.pl.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-14 12:02:04 -03:00
..
detail.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
export.pl Bug 16578: Same fix for the staff interface 2016-06-10 16:49:43 +00:00
getitem-ajax.pl Bug 17843: Replace C4::Koha::getitemtypeinfo with Koha::ItemTypes 2017-07-05 13:42:21 -03:00
image.pl Bug 16259: Replace CGI->param with CGI->multi_param in list context - part 2 2016-05-16 17:28:06 +00:00
imageviewer.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
ISBDdetail.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
issuehistory.pl Bug 18260: Koha::Biblio - Remove GetBiblio 2017-07-10 13:03:38 -03:00
itemsearch.pl Bug 18633: Remove remaining use of CGI.param in template 2017-07-10 17:55:18 -03:00
labeledMARCdetail.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
MARCdetail.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
moredetail.pl Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
search-history.pl Bug 16593: Do not allow patrons to delete search history of others patrons 2016-06-24 11:47:29 +00:00
search.pl Bug 18854 - Protect from DOS 2017-07-14 12:02:04 -03:00
showmarc.pl
updateitem.pl Bug 13024 - Nonpublic note not appearing in the staff client 2015-12-04 14:47:57 +00:00