From 1bbe643808d4630703e8fe9ca5577982dda6095e Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Sat, 29 Jun 2013 16:41:54 +0000 Subject: [PATCH] fixed allowed memory size extended error, if trying to read history from a ldap or ads contact with an id starting with a letter, did an unlimited query for all history-log entries of addressbook --- phpgwapi/inc/class.historylog.inc.php | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/phpgwapi/inc/class.historylog.inc.php b/phpgwapi/inc/class.historylog.inc.php index fea7e4803d..1615f56d6e 100644 --- a/phpgwapi/inc/class.historylog.inc.php +++ b/phpgwapi/inc/class.historylog.inc.php @@ -132,7 +132,7 @@ class historylog */ function search($filter,$order='history_id',$sort='DESC') { - if (!is_array($filter)) $filter = (int)$filter ? array('history_record_id' => $filter) : array(); + if (!is_array($filter)) $filter = is_numeric($filter) ? array('history_record_id' => $filter) : array(); if (!$_orderby || !preg_match('/^[a-z0-9_]+$/i',$_orderby) || !preg_match('/^(asc|desc)?$/i',$sort)) { @@ -152,6 +152,9 @@ class historylog } if (!isset($filter['history_appname'])) $filter['history_appname'] = $this->appname; + // do not try to read all history entries of an app + if (!$filter['history_record_id']) return array(); + $rows = array(); foreach($this->db->select(self::TABLE,'*',$filter,__LINE__,__FILE__,false,$orderby) as $row) { @@ -163,7 +166,7 @@ class historylog /** * Get a slice of history records - * + * * Similar to search(), except this one can take a start and a number of records */ public static function get_rows(&$query, &$rows) { @@ -188,9 +191,9 @@ class historylog self::TABLE, $mysql_calc_rows.'*', $filter, - __LINE__, __FILE__, + __LINE__, __FILE__, $query['start'], - 'ORDER BY ' . ($query['order'] ? $query['order'] : 'history_id') . ' ' . ($query['sort'] ? $query['sort'] : 'DESC'), + 'ORDER BY ' . ($query['order'] ? $query['order'] : 'history_id') . ' ' . ($query['sort'] ? $query['sort'] : 'DESC'), 'phpgwapi', $query['num_rows'] ) as $row) { @@ -218,7 +221,10 @@ class historylog */ function return_array($filter_out,$only_show,$_orderby,$sort, $record_id) { - + if (!is_numeric($record_id)) + { + return array(); + } if (!$_orderby || !preg_match('/^[a-z0-9_]+$/i',$_orderby) || !preg_match('/^(asc|desc)?$/i',$sort)) { $orderby = 'ORDER BY history_timestamp,history_id';