Search: Prevented tag search using unusable numbers

These would trigger an error on use, and could be abused to fill logs.
Added test to cover.

Thanks to Stephen O. / Sakusen for reporting.
This commit is contained in:
Dan Brown
2026-06-06 10:37:06 +01:00
parent f01bb749ab
commit 37f2d05118
2 changed files with 13 additions and 1 deletions

View File

@@ -290,7 +290,7 @@ class SearchRunner
$query->where('name', '=', $tagParts['name']);
}
if (is_numeric($tagParts['value']) && $tagParts['operator'] !== 'like') {
if (is_numeric($tagParts['value']) && is_finite($tagParts['value']) && $tagParts['operator'] !== 'like') {
// We have to do a raw sql query for this since otherwise PDO will quote the value and MySQL will
// search the value as a string which prevents being able to do number-based operations
// on the tag values. We ensure it has a numeric value and then cast it just to be sure.

View File

@@ -233,6 +233,18 @@ class EntitySearchTest extends TestCase
$this->get('/search?term=' . urlencode('danzorbhsing {created_before:2037-01-01}'))->assertDontSee($page->name);
}
public function test_search_tags_with_unexpected_numeric_values_does_not_cause_error()
{
$pageA = $this->entities->page();
$pageA->name = 'MyTestPageWithAwkwardNumericTagValue';
$pageA->save();
$pageA->tags()->save(new Tag(['name' => 'Count', 'value' => '1E999']));
$resp = $this->asEditor()->get('/search?term=' . urlencode('[Count=1E999]'));
$resp->assertStatus(200);
$resp->assertSee('MyTestPageWithAwkwardNumericTagValue');
}
public function test_entity_selector_search()
{
$page = $this->entities->newPage(['name' => 'my ajax search test', 'html' => 'ajax test']);