Verified Commit 3b7c0325 authored by Camil Staps's avatar Camil Staps

Add a response for too long queries in the frontend (these were not logged...

Add a response for too long queries in the frontend (these were not logged because they do not fit in the log table, and that allowed DOS attacks using long queries)
parent 104cdfe8
......@@ -58,6 +58,7 @@ fields:
* `152`: no input (GET variable `str` should be set to the search string)
* `153`: the Clean backend timed out
* `154`: you have sent too many requests; try again later (DoS protection)
* `155`: the query was too long
- `msg`
......
......@@ -117,7 +117,7 @@ function log_request($code) {
$stmt->bind_param('sisii',
$ip,
$ua_id,
$_GET['str'],
substr($_GET['str'], 0, 199),
$code,
$time);
$stmt->execute();
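Review bot: The truncation `substr($_GET['str'], 0, 199)` is byte-wise, so a query near the limit that ends in a multi-byte UTF-8 character can be cut mid-sequence and bound as invalid UTF-8; if the logging connection uses a utf8 charset that insert may be rejected, which would reopen the same unlogged-request gap this commit is closing. `mb_strcut($_GET['str'], 0, 199)` truncates at the same byte limit without splitting a character. The `199` here and the `200` in the request-length check are one bound written twice; a single named constant would keep them from drifting apart. log_request starts outside the hunk, so the actual column width it has to fit cannot be confirmed from here.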
......@@ -142,6 +142,8 @@ if ($_SERVER['REQUEST_METHOD'] !== 'GET'){
respond(E_ILLEGALREQUEST, 'GET variable "str" must be set');
} else if (defined('CLOOGLE_KEEP_STATISTICS') && dos_protect()) {
respond(E_DOSPROTECT, "Yes, cloogle is great, but you don't need it so badly.");
} else if (strlen($_GET['str']) >= 200) {
respond(E_QUERYTOOLONG, 'Query too long');
} else {
$str = array_map('trim', explode('::', $_GET['str']));
$name = trim($str[0]);
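Review bot: The `strlen($_GET['str']) >= 200` threshold is a magic number that mirrors the `199` truncation inside log_request; define it once, e.g. `define('MAX_QUERY_LENGTH', 200);` next to `E_QUERYTOOLONG` in the config hunk below, and reference it in both places. The new branch is ordered after `dos_protect()`; if dos_protect consults the log table, placing this cheap length check ahead of it would reject oversized queries before any database work, though dos_protect's cost is not visible in this hunk. strlen is byte-wise, which matches the byte-oriented truncation in log_request, but it means the limit is fewer characters for non-ASCII queries — a one-line comment such as `// byte length: must fit the log table's str column` would make that intent explicit.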
......
......@@ -11,5 +11,6 @@ define('E_ILLEGALMETHOD', 151);
define('E_ILLEGALREQUEST', 152);
define('E_TIMEOUT', 153);
define('E_DOSPROTECT', 154);
define('E_QUERYTOOLONG', 155);
define('DOS_MAX_REQUESTS_PER_SECOND', 3);