Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Fix filter api issue with 'any condition' and text search

A filter combining some criteria and a text search with 'any condition'
results in a cartesian product, which has the potential to bring down
the site as the RDBMS eats up all available resources.

The root cause of this behavior is joining the bug_text table with a
from clause and setting the join's criteria in the query's where clause,
without taking consideration the operator's precedence (AND/OR).

This commit resolves the problem by using a JOIN clause instead, which
makes the query cleaner.

Fixes #15573
  • Loading branch information...
commit d16988c3ca232a751c91702eb0331f929f56858c 1 parent d4e7b22
@dregad dregad authored
Showing with 3 additions and 4 deletions.
  1. +3 −4 core/filter_api.php
7 core/filter_api.php
@@ -1995,11 +1995,10 @@ function filter_get_bug_rows( &$p_page_number, &$p_per_page, &$p_page_count, &$p
# add text query elements to arrays
if ( !$t_first ) {
- $t_from_clauses[] = "$t_bug_text_table";
- $t_where_clauses[] = "$t_bug_table.bug_text_id = $";
+ $t_join_clauses[] = "JOIN $t_bug_text_table ON $t_bug_table.bug_text_id = $";
+ $t_join_clauses[] = "LEFT JOIN $t_bugnote_table ON $ = $t_bugnote_table.bug_id";
+ $t_join_clauses[] = "LEFT JOIN $t_bugnote_text_table ON $t_bugnote_table.bugnote_text_id = $";
$t_where_clauses[] = $t_textsearch_where_clause;
- $t_join_clauses[] = " LEFT JOIN $t_bugnote_table ON $ = $t_bugnote_table.bug_id";
- $t_join_clauses[] = " LEFT JOIN $t_bugnote_text_table ON $t_bugnote_table.bugnote_text_id = $";

1 comment on commit d16988c


Please use CVE-2013-1883.

Please sign in to comment.
Something went wrong with that request. Please try again.