From 65f29d816f6f46f866b268c20ebd8f4da631beb6 Mon Sep 17 00:00:00 2001
From: Adam
Date: Mon, 30 Jul 2018 09:21:38 -0500
Subject: [PATCH] validate search service query
---
 api/search_service.py | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/api/search_service.py b/api/search_service.py
index a8732fd9a..8799811cd 100644
--- a/api/search_service.py
+++ b/api/search_service.py
@@ -20,6 +20,14 @@ def search():
 query = re.sub(r'\W+', '0', request.args.get('query') ) # strip and get query
 else:
 return jsonify({ 'status': 400, 'data': 'No query found in request' })
+
+
+ if query[:2] in ['0x','0X']:
+ return jsonify({ 'status': 400, 'data': 'Invalid search query prefix.' })
+
+ if len(query) < 3:
+ return jsonify({ 'status': 400, 'data': 'Search query to short.' })
+
 ROWS=dbSelect("select * from transactions t, txjson txj where t.txhash ~* \'" + str(query) + "\' and t.txdbserialnum=txj.txdbserialnum")
 response = []
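Review bot: The added `len(query) < 3` check measures the string after `re.sub(r'\W+', '0', ...)` has replaced every run of non-word characters with `0`, so an input such as `a b` passes as `a0b`, and any three-character pattern still reaches the unanchored `~*` match on a `select *` with no visible `LIMIT`. If the aim is to bound the cost of a search, a stricter shape test would fit better, for example `if not re.match(r'^[0-9a-fA-F]+$', query):` (assuming `txhash` holds hex digests, which this hunk does not show) together with a row cap in the statement. The statement is still assembled by string concatenation, so its safety rests entirely on that single `re.sub`; passing `query` as a bound parameter, if `dbSelect` supports one, would remove that dependency. The message `'Search query to short.'` should read `'Search query too short.'`. The body of `search()` begins and continues outside this hunk.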