From 3b09d8c882c2effcfad9fda4ae06350dd20c0e5f Mon Sep 17 00:00:00 2001 From: phiresky <phireskyde+git@gmail.com> Date: Tue, 25 Jul 2023 18:46:00 +0200 Subject: [PATCH] prevent ordering by comment path without post filter (#3717) --- crates/db_views/src/comment_view.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crates/db_views/src/comment_view.rs b/crates/db_views/src/comment_view.rs index 1b77168d..6e06e1ba 100644 --- a/crates/db_views/src/comment_view.rs +++ b/crates/db_views/src/comment_view.rs @@ -340,8 +340,11 @@ impl<'a> CommentQuery<'a> { query = query.filter(nlevel(comment::path).le(depth_limit)); - // Always order by the parent path first - query = query.order_by(subpath(comment::path, 0, -1)); + // only order if filtering by a post id. DOS potential otherwise and max_depth + !post_id isn't used anyways (afaik) + if self.post_id.is_some() { + // Always order by the parent path first + query = query.order_by(subpath(comment::path, 0, -1)); + } // TODO limit question. Limiting does not work for comment threads ATM, only max_depth // For now, don't do any limiting for tree fetches -- 2.44.1