mirror of
https://github.com/BookStackApp/BookStack.git
synced 2026-07-15 21:31:36 +03:00
Search: Prevented tag search using unusable numbers
These would trigger an error on use, and could be abused to fill logs. Added test to cover. Thanks to Stephen O. / Sakusen for reporting.
This commit is contained in:
@@ -290,7 +290,7 @@ class SearchRunner
|
||||
$query->where('name', '=', $tagParts['name']);
|
||||
}
|
||||
|
||||
if (is_numeric($tagParts['value']) && $tagParts['operator'] !== 'like') {
|
||||
if (is_numeric($tagParts['value']) && is_finite($tagParts['value']) && $tagParts['operator'] !== 'like') {
|
||||
// We have to do a raw sql query for this since otherwise PDO will quote the value and MySQL will
|
||||
// search the value as a string which prevents being able to do number-based operations
|
||||
// on the tag values. We ensure it has a numeric value and then cast it just to be sure.
|
||||
|
||||
@@ -233,6 +233,18 @@ class EntitySearchTest extends TestCase
|
||||
$this->get('/search?term=' . urlencode('danzorbhsing {created_before:2037-01-01}'))->assertDontSee($page->name);
|
||||
}
|
||||
|
||||
public function test_search_tags_with_unexpected_numeric_values_does_not_cause_error()
|
||||
{
|
||||
$pageA = $this->entities->page();
|
||||
$pageA->name = 'MyTestPageWithAwkwardNumericTagValue';
|
||||
$pageA->save();
|
||||
$pageA->tags()->save(new Tag(['name' => 'Count', 'value' => '1E999']));
|
||||
|
||||
$resp = $this->asEditor()->get('/search?term=' . urlencode('[Count=1E999]'));
|
||||
$resp->assertStatus(200);
|
||||
$resp->assertSee('MyTestPageWithAwkwardNumericTagValue');
|
||||
}
|
||||
|
||||
public function test_entity_selector_search()
|
||||
{
|
||||
$page = $this->entities->newPage(['name' => 'my ajax search test', 'html' => 'ajax test']);
|
||||
|
||||
Reference in New Issue
Block a user