[v2] pkg_search_page: Limit number of results on package search

Message ID 20200905134824.110020-1-lfleischer@archlinux.org
State New
Series [v2] pkg_search_page: Limit number of results on package search

Commit Message

Lukas Fleischer Sept. 5, 2020, 1:48 p.m. UTC
From: Morten Linderud <morten@linderud.pw>

The current package search query is quite poorly optimized and becomes a
resource hog when the offsets get large enough. This DoSes the service.

A quick fix is to just ensure we have some limit to the number of hits
we return. The current hardcoding of 2500 is based on the following:

    * 250 hits per page max
    * 10 pages

We can maybe consider having it lower, but it seems easier to just have
this a multiple of 250 in the first iteration.

Signed-off-by: Morten Linderud <morten@linderud.pw>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 web/lib/pkgfuncs.inc.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

Patch

diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 8c91571..8075800 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -619,7 +619,7 @@  function pkg_search_page($params, $show_headers=true, $SID="") {
 
 	/* Sanitize paging variables. */
 	if (isset($params['O'])) {
-		$params['O'] = max(intval($params['O']), 0);
+		$params['O'] = bound(intval($params['O']), 0, 2500);
 	} else {
 		$params['O'] = 0;
 	}
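Review bot: The upper limit in `bound(intval($params['O']), 0, 2500)` is a magic number that the second hunk repeats as `min($row[0], 2500)`; define it once as a named constant or config option, with a comment recording the 250 hits per page times 10 pages rationale from the commit message, so the two values cannot drift apart. If bound() is inclusive at its upper end, O=2500 is still accepted and selects rows starting at 2500, which is an eleventh page, so the cap likely wants to be 2500 minus the page size. bound() is not defined anywhere in this diff; please confirm it is in scope for pkgfuncs.inc.php.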
@@ -771,9 +771,8 @@  function pkg_search_page($params, $show_headers=true, $SID="") {
 	$result_t = $dbh->query($q_total);
 	if ($result_t) {
 		$row = $result_t->fetch(PDO::FETCH_NUM);
-		$total = $row[0];
-	}
-	else {
+		$total = min($row[0], 2500);
+	} else {
 		$total = 0;
 	}
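Review bot: In `$total = min($row[0], 2500);` the clamp is applied only after `$dbh->query($q_total)` has already run, so as far as this hunk shows the count query itself is unchanged and still costs whatever it cost before; if it contributes to the load described in the commit message, it needs its own limit. Clamping $total also means the page reports 2500 results when more exist, with nothing telling the user the list was truncated; consider keeping the real count for display and deriving a separate capped value for pagination. The literal 2500 should come from the same named constant as the offset bound in the first hunk.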