From: Max Kanat-Alexander <mkanat@bugzilla.org>
Date: Sun, 20 Feb 2011 07:44:03 +0000 (-0800)
Subject: Bug 632717: Limit the total number of results that a search can ever return.
X-Git-Tag: bugzilla-4.1.1~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=60712d5d6f5db2a468bea0447744c06d5e8a487c;p=thirdparty%2Fbugzilla.git

Bug 632717: Limit the total number of results that a search can ever return.
r=mkanat, a=mkanat (module owner)
---

diff --git a/Bugzilla/Config/Query.pm b/Bugzilla/Config/Query.pm
index 821f09fc6a..3513b12e30 100644
--- a/Bugzilla/Config/Query.pm
+++ b/Bugzilla/Config/Query.pm
@@ -71,8 +71,14 @@ sub get_param_list {
    name => 'specific_search_allow_empty_words',
    type => 'b',
    default => 1
-  }
-  
+  },
+
+  {
+    name => 'max_search_results',
+    type => 't',
+    default => '10000',
+    checker => \&check_numeric
+  },
   );
   return @param_list;
 }
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index 224193fbc0..2bd4c06c95 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -929,6 +929,12 @@ sub _sql_limit {
     my ($self) = @_;
     my $limit = $self->_params->{limit};
     my $offset = $self->_params->{offset};
+    
+    my $max_results = Bugzilla->params->{'max_search_results'};
+    if (!$self->{allow_unlimited} && (!$limit || $limit > $max_results)) {
+        $limit = $max_results;
+    }
+    
     if (defined $offset and not defined $limit) {
         $limit = INT_MAX;
     }
diff --git a/report.cgi b/report.cgi
index 0fbb339f3a..60067c7afc 100755
--- a/report.cgi
+++ b/report.cgi
@@ -127,8 +127,11 @@ my @axis_fields = ($row_field || EMPTY_COLUMN,
 
 # Clone the params, so that Bugzilla::Search can modify them
 my $params = new Bugzilla::CGI($cgi);
-my $search = new Bugzilla::Search('fields' => \@axis_fields, 
-                                  'params' => scalar $params->Vars);
+my $search = new Bugzilla::Search(
+    fields => \@axis_fields, 
+    params => scalar $params->Vars,
+    allow_unlimited => 1,
+);
 my $query = $search->sql;
 
 $::SIG{TERM} = 'DEFAULT';
diff --git a/template/en/default/admin/params/query.html.tmpl b/template/en/default/admin/params/query.html.tmpl
index c5bac66419..0c0ff6224b 100644
--- a/template/en/default/admin/params/query.html.tmpl
+++ b/template/en/default/admin/params/query.html.tmpl
@@ -55,4 +55,9 @@
     "Whether to allow a search on the 'Simple Search' page with an empty"
     _ " 'Words' field.",
 
+  max_search_results =>
+    "The maximum number of $terms.bugs that a search can"
+    _ " <strong>ever</strong> return. Tabular and graphical reports"
+    _ " are exempted from this limit, however."
+
 } %]