Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
"Search" problem
Hello again,

I don't want to report another security bug this time, although there are still some of them in your software.

The problem i would like to report is a problem with 'search' function in mybb. I have discovered, that some search queries can run into 'nirvana' until the php process kills itself after max_execution_time limit reached. During that execution the process uses all available CPU time. Another result can happen is MySQL process death and MySQL error 2013 ('Lost connection to MySQL server during query'). Nice isn't it? Wink That 'feature' definitely improves an image of web site that uses your software...
That happens when i use very common search terms like 'this' or 'it'. For example, a search query containing only two words 'this it' at your community forum have ends in a following error page after about 30 seconds:
Quote:mySQL error: 2013
Lost connection to MySQL server during query
Query: UPDATE users SET lastactive='XXXXXXXXXX', timeonline=timeonline+7 WHERE uid='XXX'
(values of lastactive and uid are changed).

I would not give you a tipp about optimizing MySQL queries (surely great you know that much better than little me). Btw, that can also be used for flood down a server (shall i explain how? Big Grin ).
First, thank you for reporting this as we will certainly look into it. Second, I just fixed a more specific issue that produced this error, but I will try to implement a system to prevent MySQL from returning too many rows even before 1.0 release. I can't provide any guarantees, however.
Peter Akkies
Too many rows can be also handeled if they containing not too much data. Try to read IDs only.
This will be fixed when you convert the search to full-text search. MySQL has a little of common words (such as these) and will ignore the common words.
Updated Site!
My mods
1.1: MyBB Zip Installer, Easy Install v2.0, Cash/Points plugin, PayPal/Subscriber, Reply by email, Advanced Plugins
Hi again,

I have experienced some problems with fulltext search in my software. Here is the 'little' list of common words forom mySQL 4.1.12:
a's, able, about, above, according, accordingly, across, actually, after, afterwards, again, against, ain't, all, allow, allows, almost, alone, along, already, also, although, always, am, among, amongst, an, and, another, any, anybody, anyhow, anyone, anything, anyway, anyways, anywhere, apart, appear, appreciate, appropriate, are, aren't, around, as, aside, ask, asking, associated, at, available, away, awfully, be, became, because, become, becomes, becoming, been, before, beforehand, behind, being, believe, below, beside, besides, best, better, between, beyond, both, brief, but, by, c'mon, c's, came, can, can't, cannot, cant, cause, causes, certain, certainly, changes, clearly, co, com, come, comes, concerning, consequently, consider, considering, contain, containing, contains, corresponding, could, couldn't, course, currently, definitely, described, despite, did, didn't, different, do, does, doesn't, doing, don't, done, down, downwards, during, each, edu, eg, eight, either, else, elsewhere, enough, entirely, especially, et, etc, even, ever, every, everybody, everyone, everything, everywhere, ex, exactly, example, except, far, few, fifth, first, five, followed, following, follows, for, former, formerly, forth, four, from, further, furthermore, get, gets, getting, given, gives, go, goes, going, gone, got, gotten, greetings, had, hadn't, happens, hardly, has, hasn't, have, haven't, having, he, he's, hello, help, hence, her, here, here's, hereafter, hereby, herein, hereupon, hers, herself, hi, him, himself, his, hither, hopefully, how, howbeit, however, i'd, i'll, i'm, i've, ie, if, ignored, immediate, in, inasmuch, inc, indeed, indicate, indicated, indicates, inner, insofar, instead, into, inward, is, isn't, it, it'd, it'll, it's, its, itself, just, keep, keeps, kept, know, knows, known, last, lately, later, latter, latterly, least, less, lest, let, let's, like, liked, likely, little, look, looking, looks, ltd, mainly, many, may, maybe, me, mean, meanwhile, merely, might, more, moreover, most, mostly, much, must, my, myself, name, namely, nd, near, nearly, necessary, need, needs, neither, never, nevertheless, new, next, nine, no, nobody, non, none, noone, nor, normally, not, nothing, novel, now, nowhere, obviously, of, off, often, oh, ok, okay, old, on, once, one, ones, only, onto, or, other, others, otherwise, ought, our, ours, ourselves, out, outside, over, overall, own, particular, particularly, per, perhaps, placed, please, plus, possible, presumably, probably, provides, que, quite, qv, rather, rd, re, really, reasonably, regarding, regardless, regards, relatively, respectively, right, said, same, saw, say, saying, says, second, secondly, see, seeing, seem, seemed, seeming, seems, seen, self, selves, sensible, sent, serious, seriously, seven, several, shall, she, should, shouldn't, since, six, so, some, somebody, somehow, someone, something, sometime, sometimes, somewhat, somewhere, soon, sorry, specified, specify, specifying, still, sub, such, sup, sure, t's, take, taken, tell, tends, th, than, thank, thanks, thanx, that, that's, thats, the, their, theirs, them, themselves, then, thence, there, there's, thereafter, thereby, therefore, therein, theres, thereupon, these, they, they'd, they'll, they're, they've, think, third, this, thorough, thoroughly, those, though, three, through, throughout, thru, thus, to, together, too, took, toward, towards, tried, tries, truly, try, trying, twice, two, un, under, unfortunately, unless, unlikely, until, unto, up, upon, us, use, used, useful, uses, using, usually, value, various, very, via, viz, vs, want, wants, was, wasn't, way, we, we'd, we'll, we're, we've, welcome, well, went, were, weren't, what, what's, whatever, when, whence, whenever, where, where's, whereafter, whereas, whereby, wherein, whereupon, wherever, whether, which, while, whither, who, who's, whoever, whole, whom, whose, why, will, willing, wish, with, within, without, won't, wonder, would, would, wouldn't, yes, yet, you, you'd, you'll, you're, you've, your, yours, yourself, yourselves, zero

And all these words are ignored during search. If you, for example looking for "as it was described here" you will get NO RESULTS AT ALL... And another example: if you looking for "second floor" with 'Search for all terms' option, then you will get all rows containing 'floor' word, 'second' word will be simply ignored...
Unfortunately, there is not possible to change/disable wordlist in MySQL at runtime.
Full-text search offers great possibilities (especially in BOOLEAN MODE), but i think, not for the forum software.

Another good search possibility is: LIKE. It is almost so fast as FULL-TEXT but does not have it's restrictions.

Yes, all those words are ignored during a fulltext search. However, they are not common words for nothing. Many other scripts that use MySQL also use fulltext searching and I personally have never heard of people getting annoyed by not being able to search for "hither" or "normally". We currently have plans to include fulltext search in MyBB, but that will probably not happen before 1.0.
Peter Akkies

Forum Jump:

Users browsing this thread: 1 Guest(s)