Fix filter api issue with 'any condition' and text search

A filter combining some criteria and a text search with 'any condition' results in a cartesian product, which has the potential to bring down the site as the RDBMS eats up all available resources. The root cause of this behavior is joining the bug_text table with a from clause and setting the join's criteria in the query's where clause, without taking consideration the operator's precedence (AND/OR). This commit resolves the problem by using a JOIN clause instead, which makes the query cleaner. Fixes #15573
mantisbt · Mar 18, 2013 · d16988c · d16988c · fgeek · Mar 22, 2013
1 parent d4e7b22
commit d16988c
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/core/filter_api.php b/core/filter_api.php
@@ -1995,11 +1995,10 @@ function filter_get_bug_rows( &$p_page_number, &$p_per_page, &$p_page_count, &$p
 
 		# add text query elements to arrays
 		if ( !$t_first ) {
-			$t_from_clauses[] = "$t_bug_text_table";
-			$t_where_clauses[] = "$t_bug_table.bug_text_id = $t_bug_text_table.id";
+			$t_join_clauses[] = "JOIN $t_bug_text_table ON $t_bug_table.bug_text_id = $t_bug_text_table.id";
+			$t_join_clauses[] = "LEFT JOIN $t_bugnote_table ON $t_bug_table.id = $t_bugnote_table.bug_id";
+			$t_join_clauses[] = "LEFT JOIN $t_bugnote_text_table ON $t_bugnote_table.bugnote_text_id = $t_bugnote_text_table.id";
 			$t_where_clauses[] = $t_textsearch_where_clause;
-			$t_join_clauses[] = " LEFT JOIN $t_bugnote_table ON $t_bug_table.id = $t_bugnote_table.bug_id";
-			$t_join_clauses[] = " LEFT JOIN $t_bugnote_text_table ON $t_bugnote_table.bugnote_text_id = $t_bugnote_text_table.id";
 		}
 	}