[SECURITY] Limit the search results per page 30/46830/2
authorBenni Mack <benni@typo3.org>
Tue, 23 Feb 2016 10:44:49 +0000 (11:44 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 23 Feb 2016 10:45:24 +0000 (11:45 +0100)
Indexed Search allows showing up to 100.000
entries per page by setting the paging
entry via a GET/POST variable, which opens
up a possible DoS attack.

The max limit is set to 100 entries per page,
as a reasonable limit for the website search
results.

Resolves: #73458
Releases: master, 7.6, 6.2
Security-Commit: 8dc6e3c41d53788966b1ab220acd49a815ccfe7f
Security-Bulletins: TYPO3-CORE-SA-2016-005, 006, 007, 008
Change-Id: I46d825d918d716c6059bb732d3b808dd4bafdc9c
Reviewed-on: https://review.typo3.org/46830
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/indexed_search/Classes/Controller/SearchController.php
typo3/sysext/indexed_search/Classes/Controller/SearchFormController.php

index 69a0503..e344df2 100644 (file)
@@ -156,7 +156,7 @@ class SearchController extends \TYPO3\CMS\Extbase\Mvc\Controller\ActionControlle
                if ($searchData['_freeIndexUid'] !== '' && $searchData['_freeIndexUid'] !== '_') {
                        $searchData['freeIndexUid'] = $searchData['_freeIndexUid'];
                }
-               $searchData['numberOfResults'] = \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($searchData['numberOfResults'], 1, 100000, $this->defaultResultNumber);
+               $searchData['numberOfResults'] = \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($searchData['numberOfResults'], 1, 100, $this->defaultResultNumber);
                // This gets the search-words into the $searchWordArray
                $this->sword = $searchData['sword'];
                // Add previous search words to current
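Review bot: The new upper bound is a bare literal `100` that now has to be kept identical in two controllers (this `numberOfResults` line and the `piVars['results']` line in SearchFormController); a named constant would tie the two together and document that the value is a DoS guard rather than a layout choice. I would add `const MAX_RESULTS_PER_PAGE = 100;` to the class with a one-line comment such as `// Hard upper bound on results per page; larger values let a single request trigger an expensive search (see #73458)` and pass `self::MAX_RESULTS_PER_PAGE` here. Note also that `$this->defaultResultNumber` is passed as the fallback of the same `forceIntegerInRange` call, so if that helper clamps the fallback as well (not visible on this page), an integrator who configured a default above 100 now silently gets 100; that is probably acceptable, but worth stating in the method docblock. The enclosing method begins before and continues past this hunk.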
index 225fd13..299c822 100644 (file)
@@ -233,7 +233,7 @@ class SearchFormController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin {
                if ($this->piVars['sword_prev_include'] && $this->piVars['sword_prev']) {
                        $this->piVars['sword'] = trim($this->piVars['sword_prev']) . ' ' . $this->piVars['sword'];
                }
-               $this->piVars['results'] = \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($this->piVars['results'], 1, 100000, $this->defaultResultNumber);
+               $this->piVars['results'] = \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($this->piVars['results'], 1, 100, $this->defaultResultNumber);
                // Selector-box values defined here:
                $this->optValues = array(
                        'type' => array(
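Review bot: The `optValues` selector-box list built right after the clamp may still offer per-page choices above the new limit; the list itself is outside the hunk, so I cannot confirm it, but if it does, the form advertises values the controller now silently caps to 100 and the displayed page count no longer matches what the user picked. If any such entry exists, drop it from the `results` option array or derive the options from the same limit used in the clamp, with a short comment like `// Must not exceed the cap applied to piVars['results'] above`. The enclosing method starts and ends outside this hunk.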