From 3356e9b963fbe0843aa5553b1dd8118ae3595766 Mon Sep 17 00:00:00 2001
From: Benni Mack <benni@typo3.org>
Date: Tue, 23 Feb 2016 11:45:57 +0100
Subject: [PATCH] [SECURITY] Limit the search results per page

Indexed Search allows to show up to 100.000
entries per page by configuring the paging
entry via a GET/POST variable, leading to a
possible DoS attack.

The max limit is set to 100 entries per page,
as a reasonable limit for the website search
results.

Resolves: #73458
Releases: master, 7.6, 6.2
Security-Commit: ea0c1c4377b1111e4a822981a6a948b96dc0215f
Security-Bulletins: TYPO3-CORE-SA-2016-005, 006, 007, 008
Change-Id: I7d2ff1c3ba388a9bfc0be0cd905a8e24a14f13d8
Reviewed-on: https://review.typo3.org/46836
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
---
 .../indexed_search/Classes/Controller/SearchController.php      | 2 +-
 .../indexed_search/Classes/Controller/SearchFormController.php  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/typo3/sysext/indexed_search/Classes/Controller/SearchController.php b/typo3/sysext/indexed_search/Classes/Controller/SearchController.php
index 7aebd9b63108..3d6ffd5a689d 100644
--- a/typo3/sysext/indexed_search/Classes/Controller/SearchController.php
+++ b/typo3/sysext/indexed_search/Classes/Controller/SearchController.php
@@ -186,7 +186,7 @@ class SearchController extends \TYPO3\CMS\Extbase\Mvc\Controller\ActionControlle
         if ($searchData['_freeIndexUid'] !== '' && $searchData['_freeIndexUid'] !== '_') {
             $searchData['freeIndexUid'] = $searchData['_freeIndexUid'];
         }
-        $searchData['numberOfResults'] = MathUtility::forceIntegerInRange($searchData['numberOfResults'], 1, 100000, $this->defaultResultNumber);
+        $searchData['numberOfResults'] = MathUtility::forceIntegerInRange($searchData['numberOfResults'], 1, 100, $this->defaultResultNumber);
         // This gets the search-words into the $searchWordArray
         $this->sword = $searchData['sword'];
         // Add previous search words to current
diff --git a/typo3/sysext/indexed_search/Classes/Controller/SearchFormController.php b/typo3/sysext/indexed_search/Classes/Controller/SearchFormController.php
index d0f9df391c0d..47354846514b 100755
--- a/typo3/sysext/indexed_search/Classes/Controller/SearchFormController.php
+++ b/typo3/sysext/indexed_search/Classes/Controller/SearchFormController.php
@@ -245,7 +245,7 @@ class SearchFormController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin
         if ($this->piVars['sword_prev_include'] && $this->piVars['sword_prev']) {
             $this->piVars['sword'] = trim($this->piVars['sword_prev']) . ' ' . $this->piVars['sword'];
         }
-        $this->piVars['results'] = MathUtility::forceIntegerInRange($this->piVars['results'], 1, 100000, $this->defaultResultNumber);
+        $this->piVars['results'] = MathUtility::forceIntegerInRange($this->piVars['results'], 1, 100, $this->defaultResultNumber);
         // Make sure that some cropping and markup constants used later are defined
         $this->loadSettings();
 
-- 
GitLab