From 1d10baa719d22e5b63405db747fd749916a70fd6 Mon Sep 17 00:00:00 2001
From: Shish
Date: Sun, 16 Jun 2019 19:25:40 +0100
Subject: [PATCH] only sql-escape if we're going to the database, not the accelerator
---
 core/imageboard/image.php | 18 +++++++++---------
 core/imageboard/tag.php | 8 ++++++++
 ext/view/main.php | 10 +++++-----
 3 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/core/imageboard/image.php b/core/imageboard/image.php
index 18c646a9..cc2999dc 100644
--- a/core/imageboard/image.php
+++ b/core/imageboard/image.php
@@ -198,6 +198,10 @@ class Image
 $yays = 0;
 $nays = 0;
 foreach ($tag_conditions as $tq) {
+ if (strpos($tq->tag, "*") !== false) {
+ // can't deal with wildcards
+ return null;
+ }
 if ($tq->positive) {
 $yays++;
 $ret["yays"][] = $tq->tag;
@@ -354,12 +358,8 @@ class Image
 $img_conditions[] = new ImgCondition($querylet, $positive);
 }
 } else {
- // if the whole match is wild, skip this;
- // if not, translate into SQL
+ // if the whole match is wild, skip this
 if (str_replace("*", "", $term) != "") {
- $term = str_replace('_', '\_', $term);
- $term = str_replace('%', '\%', $term);
- $term = str_replace('*', '%', $term);
 $tag_conditions[] = new TagCondition($term, $positive);
 }
 }
@@ -912,7 +912,7 @@ class Image
 GROUP BY images.id
 ) AS images WHERE 1=1
- "), ["tag"=>$tag_conditions[0]->tag]);
+ "), ["tag"=>Tag::sqlify($tag_conditions[0]->tag)]);
 }
 // more than one positive tag, or more than zero negative tags
@@ -986,7 +986,7 @@ class Image
 FROM tags
 WHERE SCORE_STRNORM(tag) LIKE SCORE_STRNORM(:tag)
 "),
- ["tag" => $tq->tag]
+ ["tag" => Tag::sqlify($tq->tag)]
 );
 if ($tq->positive) {
 $positive_tag_id_array = array_merge($positive_tag_id_array, $tag_ids);
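Review bot: The new early return inside the loop of the 198 hunk abandons the whole accelerator query as soon as one term contains `*`, but the comment does not say what `null` means to the caller, and both the function's signature and the code that consumes the result are outside the hunk. Replace `// can't deal with wildcards` with something like `// the accelerator has no wildcard matching; return null so the caller falls back to the SQL path` — presumably that is the contract, but confirm it against the caller before wording it as fact. The check runs on the raw user term, which is what makes it meaningful now that the parser no longer rewrites `*` into `%` earlier in this commit.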
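Review bot: With the three `str_replace` calls removed, `TagCondition` now carries the user's raw glob, and nothing at this construction site records that the term is unsafe to bind to a `LIKE` until it goes through `Tag::sqlify()`; a future SQL consumer that forgets the call will match `*` literally and leave any `_` or `%` in the tag acting as live wildcards (the values are still bound parameters, so this is a matching bug rather than injection). I would state the invariant on the line that builds the condition: `// raw user term: '*' is the wildcard; SQL consumers must pass it through Tag::sqlify() before binding it to a LIKE`. The loose `!=` in the `str_replace` check could also be `!==`, since both sides are strings. The enclosing parser function starts and ends outside the hunk.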
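Review bot: The `LIKE SCORE_STRNORM(:tag)` on the context line of the 986 hunk has no `ESCAPE` clause, so the `\_` and `\%` sequences that `Tag::sqlify()` now produces for the bound `:tag` are only honoured on backends whose default LIKE escape character is a backslash (MySQL and PostgreSQL); SQLite has no default escape character and would treat the backslash as a literal, reviving `_` and `%` as wildcards. If SQLite is still a supported backend, the query needs an explicit clause, e.g. `WHERE SCORE_STRNORM(tag) LIKE SCORE_STRNORM(:tag) ESCAPE '\'` (spelled per backend, since MySQL also treats a backslash inside a string literal as an escape), and the same applies to the identical query in the 1076 hunk and to the `tag LIKE :tagN` fragment in the 1062 hunk. The enclosing function starts and ends outside the hunk.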
@@ -1062,7 +1062,7 @@ class Image
 foreach ($tag_conditions as $tq) {
 $sign = $tq->positive ? "+" : "-";
 $sql .= ' '.$sign.' IF(SUM(tag LIKE :tag'.Image::$tag_n.'), 1, 0)';
- $terms['tag'.Image::$tag_n] = $tq->tag;
+ $terms['tag'.Image::$tag_n] = Tag::sqlify($tq->tag);
 Image::$tag_n++;
 }
 $tag_search = new Querylet($sql, $terms);
@@ -1076,7 +1076,7 @@ class Image
 FROM tags
 WHERE SCORE_STRNORM(tag) LIKE SCORE_STRNORM(:tag)
 "),
- ["tag" => $tq->tag]
+ ["tag" => Tag::sqlify($tq->tag)]
 );
 $tag_id_array = array_merge($tag_id_array, $tag_ids);
diff --git a/core/imageboard/tag.php b/core/imageboard/tag.php
index 3e32d524..ddce54f6 100644
--- a/core/imageboard/tag.php
+++ b/core/imageboard/tag.php
@@ -100,4 +100,12 @@ class Tag
 return $tag_array;
 }
+
+ public static function sqlify(string $term): string
+ {
+ $term = str_replace('_', '\_', $term);
+ $term = str_replace('%', '\%', $term);
+ $term = str_replace('*', '%', $term);
+ return $term;
+ }
 }
diff --git a/ext/view/main.php b/ext/view/main.php
index 0e81f6dc..bfbe2fba 100644
--- a/ext/view/main.php
+++ b/ext/view/main.php
@@ -126,11 +126,11 @@ class ViewImage extends Extension
 $page->set_mode("redirect");
 $page->set_redirect(make_link("post/view/{$image->id}", $query));
 } elseif ($event->page_matches("post/view")) {
- if(!is_numeric($event->get_arg(0))) {
- // For some reason there exists some very broken mobile client
- // who follows up every request to '/post/view/123' with
- // '/post/view/12300000000000Image 123: tags' which spams the
- // database log with 'integer out of range'
+ if (!is_numeric($event->get_arg(0))) {
+ // For some reason there exists some very broken mobile client
+ // who follows up every request to '/post/view/123' with
+ // '/post/view/12300000000000Image 123: tags' which spams the
+ // database log with 'integer out of range'
 $this->theme->display_error(404, "Image not found", "Invalid image ID");
 return;
 }
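Review bot: `Tag::sqlify()` in the tag.php hunk escapes `_` and `%` but not a literal backslash, so a tag containing `\_` comes out as `\\_`, which a backslash-escaped LIKE reads as a literal backslash followed by a live single-character wildcard; if tags may contain a backslash, escape it before the other replacements with `$term = str_replace('\\', '\\\\', $term);` as the function's first statement. The name and the missing docblock also overstate what it does: the result is a LIKE pattern that still has to be bound as a query parameter, not SQL-escaped text, and the escaping only works where backslash is the LIKE escape character. I would add a docblock along the lines of `/** Convert a user tag glob ('*' wildcard) into a LIKE pattern: escapes the LIKE metacharacters and turns '*' into '%'. The result must still be bound as a parameter; it is not SQL-escaped. */`.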