Skip to content

Commit

Permalink
Fix bugs in ladder prefix search
Browse files Browse the repository at this point in the history 
- `$prefix` needs to be initialized
- `$_REQUEST['prefix']` was misspelled as `$_REQUEST['format']`
- prefix argument in `getTop` not correctly marked as optional
- fix missing `FROM`, `AS alias`, and extraneous `)` in query
- `LIMIT` apparently can't be parameterized in MySQL?
  • Loading branch information
@Zarel
Zarel committed Jul 19, 2019
1 parent 787a799 commit 8ca9916
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 8 deletions.
5 changes: 3 additions & 2 deletions ladder.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,10 @@
include 'lib/ntbb-ladder.lib.php';

$formatid = 'OU';
$prefix = null;

if (@$_REQUEST['format']) $formatid = $_REQUEST['format'];
if (@$_REQUEST['format']) $prefix = $_REQUEST['prefix'];
if ($_REQUEST['format'] ?? null) $formatid = $_REQUEST['format'];
if ($_REQUEST['prefix'] ?? null) $prefix = $_REQUEST['prefix'];

if (!ctype_alnum($formatid)) {
die('denied');
Expand Down
12 changes: 6 additions & 6 deletions lib/ntbb-ladder.lib.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,7 @@ function getAllRatings(&$user) {
return true;
}

function getTop($prefix) {
function getTop($prefix = null) {
global $ladderdb;
$needUpdate = true;
$top = array();
Expand All @@ -228,15 +228,15 @@ function getTop($prefix) {
// The ladder database can't really handle large queries which aren't indexed, so we instead perform
// an indexed query for additional rows and filter them down further. This is obviously *not* guaranteed
// to return exactly $limit results, but should be 'good enough' in practice.
$overfetch = $limit * 4;
$overfetch = $limit * 2;
$res = $ladderdb->query(
"SELECT * (SELECT * FROM `{$ladderdb->prefix}ladder` WHERE `formatid` = ? ORDER BY `elo` DESC LIMIT ?) WHERE `userid` LIKE ? LIMIT ?)",
[$this->formatid, $overfetch, "{$prefix}%", $limit]
"SELECT * FROM (SELECT * FROM `{$ladderdb->prefix}ladder` WHERE `formatid` = ? ORDER BY `elo` DESC LIMIT $overfetch) AS `unusedalias` WHERE `userid` LIKE ? LIMIT $limit",
[$this->formatid, "$prefix%"]
);
} else {
$res = $ladderdb->query(
"SELECT * FROM `{$ladderdb->prefix}ladder` WHERE `formatid` = ? ORDER BY `elo` DESC LIMIT ?",
[$this->formatid, $limit]
"SELECT * FROM `{$ladderdb->prefix}ladder` WHERE `formatid` = ? ORDER BY `elo` DESC LIMIT $limit",
[$this->formatid]
);
}

Expand Down

0 comments on commit 8ca9916

Please sign in to comment.