Add a response for too long queries in the frontend (these were not logged...

Add a response for too long queries in the frontend (these were not logged because they do not fit in the log table, and that allowed DOS attacks using long queries)

README.md

@@ -58,6 +58,7 @@ fields:
 	* `152`: no input (GET variable `str` should be set to the search string)
 	* `153`: the Clean backend timed out
 	* `154`: you have sent too many requests; try again later (DoS protection)
+	* `155`: the query was too long
 
 - `msg`
 

frontend/api.php

@@ -117,7 +117,7 @@ function log_request($code) {
 	$stmt->bind_param('sisii',
 		$ip,
 		$ua_id,
-		$_GET['str'],
+		substr($_GET['str'], 0, 199),
 		$code,
 		$time);
 	$stmt->execute();
@@ -142,6 +142,8 @@ if ($_SERVER['REQUEST_METHOD'] !== 'GET'){
 	respond(E_ILLEGALREQUEST, 'GET variable "str" must be set');
 } else if (defined('CLOOGLE_KEEP_STATISTICS') && dos_protect()) {
 	respond(E_DOSPROTECT, "Yes, cloogle is great, but you don't need it so badly.");
+} else if (strlen($_GET['str']) >= 200) {
+	respond(E_QUERYTOOLONG, 'Query too long');
 } else {
 	$str = array_map('trim', explode('::', $_GET['str']));
 	$name = trim($str[0]);

frontend/conf.php

@@ -11,5 +11,6 @@ define('E_ILLEGALMETHOD', 151);
 define('E_ILLEGALREQUEST', 152);
 define('E_TIMEOUT', 153);
 define('E_DOSPROTECT', 154);
+define('E_QUERYTOOLONG', 155);
 
 define('DOS_MAX_REQUESTS_PER_SECOND', 3);