jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

disable block on exclude-tag-only searches (statement timeout will prevent abuse)

Browse Source
This commit is contained in:
albert
2013-02-21 11:34:46 -05:00
parent a2c8860b8e
commit aafcf34461
4 changed files with 30 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/logical/post_query_builder.rb
View File

@@ -50,29 +50,20 @@ class PostQueryBuilder
end end
end end
def tag_query_limit
Danbooru.config.tag_query_limit
end
def add_tag_string_search_relation(tags, relation) def add_tag_string_search_relation(tags, relation)
tag_query_sql = [] tag_query_sql = []
if tags[:include].any? if tags[:include].any?
raise ::Post::SearchError.new("You cannot search for more than #{tag_query_limit} tags at a time") if tags[:include].size > tag_query_limit
tag_query_sql << "(" + escape_string_for_tsquery(tags[:include]).join(" | ") + ")" tag_query_sql << "(" + escape_string_for_tsquery(tags[:include]).join(" | ") + ")"
has_constraints! has_constraints!
end end
if tags[:related].any? if tags[:related].any?
raise ::Post::SearchError.new("You cannot search for more than #{tag_query_limit} tags at a time") if tags[:related].size > tag_query_limit
tag_query_sql << "(" + escape_string_for_tsquery(tags[:related]).join(" & ") + ")" tag_query_sql << "(" + escape_string_for_tsquery(tags[:related]).join(" & ") + ")"
has_constraints! has_constraints!
end end
if tags[:exclude].any? if tags[:exclude].any?
raise ::Post::SearchError.new("You cannot search for more than #{tag_query_limit} tags at a time") if tags[:exclude].size > tag_query_limit
raise ::Post::SearchError.new("You cannot search for only excluded tags") unless has_constraints?
tag_query_sql << "!(" + escape_string_for_tsquery(tags[:exclude]).join(" | ") + ")" tag_query_sql << "!(" + escape_string_for_tsquery(tags[:exclude]).join(" | ") + ")"
end end
@@ -111,6 +102,10 @@ class PostQueryBuilder
relation = Post.scoped relation = Post.scoped
if q[:tag_count].to_i > Danbooru.config.tag_query_limit
raise ::Post::SearchError.new("You cannot search for more than #{Danbooru.config.tag_query_limit} tags at a time")
end
relation = add_range_relation(q[:post_id], "posts.id", relation) relation = add_range_relation(q[:post_id], "posts.id", relation)
relation = add_range_relation(q[:mpixels], "posts.width * posts.height / 1000000.0", relation) relation = add_range_relation(q[:mpixels], "posts.width * posts.height / 1000000.0", relation)
relation = add_range_relation(q[:width], "posts.image_width", relation) relation = add_range_relation(q[:width], "posts.image_width", relation)

5
app/models/tag.rb
View File

@@ -221,6 +221,9 @@ class Tag < ActiveRecord::Base
def parse_query(query, options = {}) def parse_query(query, options = {})
q = {} q = {}
q[:tag_count] = 0
q[:tags] = { q[:tags] = {
:related => [], :related => [],
:include => [], :include => [],
@@ -228,6 +231,8 @@ class Tag < ActiveRecord::Base
} }
scan_query(query).each do |token| scan_query(query).each do |token|
q[:tag_count] += 1
if token =~ /\A(#{METATAGS}):(.+)\Z/ if token =~ /\A(#{METATAGS}):(.+)\Z/
case $1 case $1
when "-user" when "-user"

18
db/structure.sql
View File

@@ -5738,6 +5738,13 @@ CREATE INDEX index_post_flags_on_post_id ON post_flags USING btree (post_id);
CREATE INDEX index_post_versions_on_post_id ON post_versions USING btree (post_id); CREATE INDEX index_post_versions_on_post_id ON post_versions USING btree (post_id);
--
-- Name: index_post_versions_on_updated_at; Type: INDEX; Schema: public; Owner: -; Tablespace:
--
CREATE INDEX index_post_versions_on_updated_at ON post_versions USING btree (updated_at);
-- --
-- Name: index_post_versions_on_updater_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- Name: index_post_versions_on_updater_id; Type: INDEX; Schema: public; Owner: -; Tablespace:
-- --
@@ -5941,6 +5948,13 @@ CREATE INDEX index_uploads_on_uploader_id ON uploads USING btree (uploader_id);
CREATE INDEX index_uploads_on_uploader_ip_addr ON uploads USING btree (uploader_ip_addr); CREATE INDEX index_uploads_on_uploader_ip_addr ON uploads USING btree (uploader_ip_addr);
--
-- Name: index_user_feedback_on_created_at; Type: INDEX; Schema: public; Owner: -; Tablespace:
--
CREATE INDEX index_user_feedback_on_created_at ON user_feedback USING btree (created_at);
-- --
-- Name: index_user_feedback_on_creator_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- Name: index_user_feedback_on_creator_id; Type: INDEX; Schema: public; Owner: -; Tablespace:
-- --
@@ -6181,3 +6195,7 @@ INSERT INTO schema_migrations (version) VALUES ('20130114154400');
INSERT INTO schema_migrations (version) VALUES ('20130219171111'); INSERT INTO schema_migrations (version) VALUES ('20130219171111');
INSERT INTO schema_migrations (version) VALUES ('20130219184743'); INSERT INTO schema_migrations (version) VALUES ('20130219184743');
INSERT INTO schema_migrations (version) VALUES ('20130221032344');
INSERT INTO schema_migrations (version) VALUES ('20130221035518');

4
test/unit/post_test.rb
View File

@@ -835,9 +835,9 @@ class PostTest < ActiveSupport::TestCase
assert_equal(post3.id, relation.first.id) assert_equal(post3.id, relation.first.id)
end end
should "fail for exclusive tag searches with no other tag" do should "succeed for exclusive tag searches with no other tag" do
post1 = FactoryGirl.create(:post, :rating => "s", :tag_string => "aaa") post1 = FactoryGirl.create(:post, :rating => "s", :tag_string => "aaa")
assert_raise(::Post::SearchError) do assert_nothing_raised do
relation = Post.tag_match("-aaa") relation = Post.tag_match("-aaa")
end end
end end