• Resolved Tema

    (@madeinua)


    Hi there,

    I found a specific problem with the security tool (ZAP). With a specific search query and some conditions (I haven’t checked this point deeply), the query request never stops due to an infinite loop inside one function.

    The search query:

    ?s=test"+%2F+sleep(15)+%2F+"

    This query goes to the function relevanssi_extract_locations where the variable $words=["/ sleep(15) /", "sleep(15)", "test", "/", ""]. Then the loop while ( false !== $loc ) { never ends/breaks because the function relevanssi_stripos always returns false (when the $word is empty).

    I can temporarily solve this issue by enabling relevanssi_optimize_excerpts but please take a closer look at this issue.

    Thanks in advance!

    Artem

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Mikko Saari

    (@msaari)

    Another solution: set the excerpt length based on words, not characters. That’s the best way in any case, since it’s much faster than character-based excerpt length.

    I tried reproducing the issue, but I can’t. I don’t know where the empty string is coming to the array; from that query, my test site comes up with array(5) { [0]=> string(9) "sleep(15)" [1]=> string(5) "sleep" [2]=> string(4) "test" [3]=> string(3) " 15" [4]=> string(1) "/" }.

    When I manually added the empty string, I see it gets into an infinite loop. The problem isn’t that relevanssi_stripos() always returns false; it’s that it returns int(0) (which is how stripos() works).

    I’ll fix this by adding a simple check in the foreach loop:

    if ( ! $word ) {
    	continue;
    }

  • Thread Starter Tema

    (@madeinua)

    Okay, thanks!

  • The topic ‘Infinite loop with special conditions’ is closed to new replies.
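
The loop behaviour discussed in this thread, as an added example that is not Relevanssi's code: on PHP 8, stripos() accepts an empty needle and returns the offset it was given, so a `while ( false !== $loc )` scan that advances by the needle length never moves. The names find_word_locations() and MAX_HITS, the cap, and the sample text are assumptions made for illustration.

```php
<?php
// Added example, not Relevanssi code. find_word_locations() and MAX_HITS are
// hypothetical; the loop shape follows the description in the thread.

const MAX_HITS = 1000; // assumed safety cap so the unguarded run terminates

/**
 * Collects the offset of every case-insensitive occurrence of each word.
 * With $guard = false the empty-term behaviour from the thread is kept,
 * bounded only by MAX_HITS, so both outcomes can be compared.
 */
function find_word_locations(array $words, string $text, bool $guard = true): array
{
    $locations = [];
    foreach ($words as $word) {
        $word = (string) $word;
        // Strict comparison: a loose `! $word` test would also skip the term "0".
        if ($guard && '' === $word) {
            continue; // an empty needle matches at its own offset and never advances
        }
        $count = 0;
        $loc   = stripos($text, $word, 0);
        while (false !== $loc) {
            $locations[$word][] = $loc;
            if (++$count >= MAX_HITS) {
                break; // only reached when the empty term was not filtered out
            }
            // For '' this adds 0, so $loc stays where it is.
            $loc = stripos($text, $word, $loc + strlen($word));
        }
    }
    return $locations;
}

// Term list as quoted in the first post; the text is a constructed sample.
$words = ['/ sleep(15) /', 'sleep(15)', 'test', '/', ''];
$text  = 'Test post: sleep(15) is only text here / nothing runs';

$guarded   = find_word_locations($words, $text);
$unguarded = find_word_locations($words, $text, false);

printf("guarded: empty term present = %s\n", isset($guarded['']) ? 'yes' : 'no');
printf("unguarded: hits recorded for empty term = %d\n", count($unguarded['']));
printf("unguarded: distinct offsets for empty term = %d\n", count(array_unique($unguarded[''])));
```

Without the cap the unguarded call would hold a PHP worker until the request is killed, which is why an iteration limit is useful as a second line of defence next to the empty-term check.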