disable block on exclude-tag-only searches (statement timeout will prevent abuse)

2013-02-21 11:34:46 -05:00
parent a2c8860b8e
commit aafcf34461
4 changed files with 30 additions and 12 deletions
--- a/app/logical/post_query_builder.rb
+++ b/app/logical/post_query_builder.rb
@@ -49,30 +49,21 @@ class PostQueryBuilder
      "''" + escaped_token + "''"
    end
  end
-  
-  def tag_query_limit
-    Danbooru.config.tag_query_limit
-  end

  def add_tag_string_search_relation(tags, relation)
    tag_query_sql = []

    if tags[:include].any?
-      raise ::Post::SearchError.new("You cannot search for more than #{tag_query_limit} tags at a time") if tags[:include].size > tag_query_limit
      tag_query_sql << "(" + escape_string_for_tsquery(tags[:include]).join(" | ") + ")"
      has_constraints!
    end

    if tags[:related].any?
-      raise ::Post::SearchError.new("You cannot search for more than #{tag_query_limit} tags at a time") if tags[:related].size > tag_query_limit
      tag_query_sql << "(" + escape_string_for_tsquery(tags[:related]).join(" & ") + ")"
      has_constraints!
    end

    if tags[:exclude].any?
-      raise ::Post::SearchError.new("You cannot search for more than #{tag_query_limit} tags at a time") if tags[:exclude].size > tag_query_limit
-      raise ::Post::SearchError.new("You cannot search for only excluded tags") unless has_constraints?
-
      tag_query_sql << "!(" + escape_string_for_tsquery(tags[:exclude]).join(" | ") + ")"
    end

@@ -111,6 +102,10 @@ class PostQueryBuilder
    
    relation = Post.scoped
    
+    if q[:tag_count].to_i > Danbooru.config.tag_query_limit
+      raise ::Post::SearchError.new("You cannot search for more than #{Danbooru.config.tag_query_limit} tags at a time")
+    end
+    
    relation = add_range_relation(q[:post_id], "posts.id", relation)
    relation = add_range_relation(q[:mpixels], "posts.width * posts.height / 1000000.0", relation)
    relation = add_range_relation(q[:width], "posts.image_width", relation)
--- a/app/models/tag.rb
+++ b/app/models/tag.rb
@@ -221,6 +221,9 @@ class Tag < ActiveRecord::Base

    def parse_query(query, options = {})
      q = {}
+      
+      q[:tag_count] = 0
+      
      q[:tags] = {
        :related => [],
        :include => [],
@@ -228,6 +231,8 @@ class Tag < ActiveRecord::Base
      }
      
      scan_query(query).each do |token|
+        q[:tag_count] += 1
+
        if token =~ /\A(#{METATAGS}):(.+)\Z/
          case $1
          when "-user"