From aafcf344617fdd8c1e2c065eb4e42c0b61c41d37 Mon Sep 17 00:00:00 2001
From: albert
Date: Thu, 21 Feb 2013 11:34:46 -0500
Subject: [PATCH] disable block on exclude-tag-only searches (statement timeout will prevent abuse)
---
 app/logical/post_query_builder.rb | 13 ++++---------
 app/models/tag.rb | 5 +++++
 db/structure.sql | 20 +++++++++++++++++++-
 test/unit/post_test.rb | 4 ++--
 4 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/app/logical/post_query_builder.rb b/app/logical/post_query_builder.rb
index 01ec00516..a862c0755 100644
--- a/app/logical/post_query_builder.rb
+++ b/app/logical/post_query_builder.rb
@@ -49,30 +49,21 @@ class PostQueryBuilder "''" + escaped_token + "''" end end - - def tag_query_limit - Danbooru.config.tag_query_limit - end def add_tag_string_search_relation(tags, relation) tag_query_sql = [] if tags[:include].any? - raise ::Post::SearchError.new("You cannot search for more than #{tag_query_limit} tags at a time") if tags[:include].size > tag_query_limit tag_query_sql << "(" + escape_string_for_tsquery(tags[:include]).join(" | ") + ")" has_constraints! end if tags[:related].any? - raise ::Post::SearchError.new("You cannot search for more than #{tag_query_limit} tags at a time") if tags[:related].size > tag_query_limit tag_query_sql << "(" + escape_string_for_tsquery(tags[:related]).join(" & ") + ")" has_constraints! end if tags[:exclude].any? - raise ::Post::SearchError.new("You cannot search for more than #{tag_query_limit} tags at a time") if tags[:exclude].size > tag_query_limit - raise ::Post::SearchError.new("You cannot search for only excluded tags") unless has_constraints? - tag_query_sql << "!(" + escape_string_for_tsquery(tags[:exclude]).join(" | ") + ")" end 
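Review bot: The `tags[:exclude]` branch of `add_tag_string_search_relation` now emits a `!( … )` tsquery with no positive term, and nothing in the code records what bounds its cost; the only safeguard named is the statement timeout in the commit subject, which is configured outside this hunk. A negation-only full-text match generally cannot be narrowed by the index, so each such request can hold a database connection until the timeout fires; it is worth confirming the timeout applies to the role and connection this builder uses, and pairing it with per-user request throttling. I would record the dependency at the branch, e.g. `# exclude-only searches are allowed; query cost is bounded by the DB statement_timeout, not by this method`. The method's body continues past the end of the hunk.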
@@ -111,6 +102,10 @@ class PostQueryBuilder relation = Post.scoped + if q[:tag_count].to_i > Danbooru.config.tag_query_limit + raise ::Post::SearchError.new("You cannot search for more than #{Danbooru.config.tag_query_limit} tags at a time") + end + relation = add_range_relation(q[:post_id], "posts.id", relation) relation = add_range_relation(q[:mpixels], "posts.width * posts.height / 1000000.0", relation) relation = add_range_relation(q[:width], "posts.image_width", relation)
diff --git a/app/models/tag.rb b/app/models/tag.rb
index 1a8e88145..16f9dae07 100644
--- a/app/models/tag.rb
+++ b/app/models/tag.rb
@@ -221,6 +221,9 @@ class Tag < ActiveRecord::Base def parse_query(query, options = {}) q = {} + + q[:tag_count] = 0 + q[:tags] = { :related => [], :include => [],
@@ -228,6 +231,8 @@ class Tag < ActiveRecord::Base } scan_query(query).each do |token| + q[:tag_count] += 1 + if token =~ /\A(#{METATAGS}):(.+)\Z/ case $1 when "-user"
diff --git a/db/structure.sql b/db/structure.sql
index c32f20634..183187111 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -5738,6 +5738,13 @@ CREATE INDEX index_post_flags_on_post_id ON post_flags USING btree (post_id); CREATE INDEX index_post_versions_on_post_id ON post_versions USING btree (post_id); +-- +-- Name: index_post_versions_on_updated_at; Type: INDEX; Schema: public; Owner: -; Tablespace: +-- + +CREATE INDEX index_post_versions_on_updated_at ON post_versions USING btree (updated_at); + + -- -- Name: index_post_versions_on_updater_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- 
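Review bot: `q[:tag_count].to_i` turns a missing key into 0, so the new limit check in the `@@ -111,6 +102,10 @@` hunk is skipped silently for any `q` that does not carry a `:tag_count`. Whether this method can receive a hash that was not built by `Tag.parse_query` is not visible here, but since the same commit removes the per-list size checks from `add_tag_string_search_relation`, such a caller would have no cap at all. Failing loudly is safer than defaulting: `if q.fetch(:tag_count) > Danbooru.config.tag_query_limit`. The enclosing method starts and ends outside the hunk.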
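Review bot: In the `@@ -228,6 +231,8 @@` hunk of `app/models/tag.rb`, `q[:tag_count] += 1` runs before the `METATAGS` match, so metatag tokens (the hunk shows `-user` as one) count toward `Danbooru.config.tag_query_limit` just like ordinary tags. The checks this commit removes from `PostQueryBuilder` counted only the include, related and exclude lists, and the error text still says "tags". If counting every token is intended, say so at the counter, e.g. `# counts every token, metatags included; the limit is enforced in PostQueryBuilder`; if not, the increment belongs in the non-metatag branch, which lies outside this hunk.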
@@ -5941,6 +5948,13 @@ CREATE INDEX index_uploads_on_uploader_id ON uploads USING btree (uploader_id); CREATE INDEX index_uploads_on_uploader_ip_addr ON uploads USING btree (uploader_ip_addr); +-- +-- Name: index_user_feedback_on_created_at; Type: INDEX; Schema: public; Owner: -; Tablespace: +-- + +CREATE INDEX index_user_feedback_on_created_at ON user_feedback USING btree (created_at); + + -- -- Name: index_user_feedback_on_creator_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- 
@@ -6180,4 +6194,8 @@ INSERT INTO schema_migrations (version) VALUES ('20130114154400'); INSERT INTO schema_migrations (version) VALUES ('20130219171111'); -INSERT INTO schema_migrations (version) VALUES ('20130219184743'); \ No newline at end of file +INSERT INTO schema_migrations (version) VALUES ('20130219184743'); + +INSERT INTO schema_migrations (version) VALUES ('20130221032344'); + +INSERT INTO schema_migrations (version) VALUES ('20130221035518'); \ No newline at end of file
diff --git a/test/unit/post_test.rb b/test/unit/post_test.rb
index f146dc6b4..6e64d1340 100644
--- a/test/unit/post_test.rb
+++ b/test/unit/post_test.rb
@@ -835,9 +835,9 @@ class PostTest < ActiveSupport::TestCase assert_equal(post3.id, relation.first.id) end - should "fail for exclusive tag searches with no other tag" do + should "succeed for exclusive tag searches with no other tag" do post1 = FactoryGirl.create(:post, :rating => "s", :tag_string => "aaa") - assert_raise(::Post::SearchError) do + assert_nothing_raised do relation = Post.tag_match("-aaa") end end
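Review bot: The rewritten test in `test/unit/post_test.rb` only asserts that `Post.tag_match("-aaa")` does not raise; the relation is assigned and never loaded. If `tag_match` returns a lazy relation, as the `relation.first.id` context line suggests, the exclude-only SQL is never executed, so a wrong or failing query would still pass. Create a post without the tag and assert on the result, e.g. `post2 = FactoryGirl.create(:post, :rating => "s", :tag_string => "bbb")` followed by `assert_equal([post2.id], Post.tag_match("-aaa").map(&:id))`, assuming no other posts exist in this context. The commit also adds no test that exceeding the new total token limit raises `::Post::SearchError`.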