@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Avoid DB query for obviously invalid queryKeys of saved queries

Summary:
Do not execute a PhabricatorSavedQueryQuery in the database when a queryKey is passed which is obviously bogus.

Closes T16482

Test Plan:
* Adjust the newly added exception error message, go to http://phorge.localhost/conduit/method/project.column.search/ and enter a "string" in the queryKey field which does not have 12 characters.
* Adjust the newly added exception error message, go to http://phorge.localhost/maniphest/query/nonsense/#R and still get a 404.
* Optionally, check in DarkConsole that there is one less DB query (I did not).

Reviewers: O1 Blessed Committers, mainframe98

Reviewed By: O1 Blessed Committers, mainframe98

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T16482

Differential Revision: https://we.phorge.it/D26720

+8
+3
src/applications/search/controller/PhabricatorApplicationSearchController.php
··· 153 153 $saved_query = $engine->buildSavedQueryFromBuiltin($query_key); 154 154 $named_query = idx($engine->loadEnabledNamedQueries(), $query_key); 155 155 } else if ($query_key) { 156 + if (strlen($query_key) !== PhabricatorHash::INDEX_DIGEST_LENGTH) { 157 + return new Aphront404Response(); 158 + } 156 159 $saved_query = id(new PhabricatorSavedQueryQuery()) 157 160 ->setViewer($user) 158 161 ->withQueryKeys(array($query_key))
+5
src/applications/search/engine/PhabricatorApplicationSearchEngine.php
··· 1216 1216 $saved_query = new PhabricatorSavedQuery(); 1217 1217 } else if ($this->isBuiltinQuery($query_key)) { 1218 1218 $saved_query = $this->buildSavedQueryFromBuiltin($query_key); 1219 + } else if (strlen($query_key) !== PhabricatorHash::INDEX_DIGEST_LENGTH) { 1220 + throw new Exception( 1221 + pht( 1222 + 'Query key "%s" does not correspond to a valid query.', 1223 + $query_key)); 1219 1224 } else { 1220 1225 $saved_query = id(new PhabricatorSavedQueryQuery()) 1221 1226 ->setViewer($viewer)
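Review bot: in PhabricatorApplicationSearchController.php, the guard added at line 156 tests only `strlen($query_key)` against `PhabricatorHash::INDEX_DIGEST_LENGTH`, so any key of the right length still reaches `PhabricatorSavedQueryQuery` regardless of its characters. That matches the stated goal of skipping only obviously invalid keys, but the hunk carries no comment explaining why the key length is tied to that constant; a one-line comment above the `if` would help the next reader. The identical condition is repeated in PhabricatorApplicationSearchEngine.php, so a small shared helper for the validity check would keep the two call sites from drifting apart.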
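Review bot: in PhabricatorApplicationSearchEngine.php, the exception added at line 1220 interpolates the caller-supplied `$query_key` into its message with no bound on its length, and the test plan reaches this path from the Conduit method console. Confirm that the message is escaped wherever it ends up rendered, and consider truncating the key before passing it to `pht()`. The test plan also exercises only keys of the wrong length; a case with a well-formed key that matches no saved query would show that the existing `else` branch behaves as before.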