From 3b09d8c882c2effcfad9fda4ae06350dd20c0e5f Mon Sep 17 00:00:00 2001
From: phiresky <phireskyde+git@gmail.com>
Date: Tue, 25 Jul 2023 18:46:00 +0200
Subject: [PATCH] prevent ordering by comment path without post filter (#3717)

---
 crates/db_views/src/comment_view.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/crates/db_views/src/comment_view.rs b/crates/db_views/src/comment_view.rs
index 1b77168d..6e06e1ba 100644
--- a/crates/db_views/src/comment_view.rs
+++ b/crates/db_views/src/comment_view.rs
@@ -340,8 +340,11 @@ impl<'a> CommentQuery<'a> {
 
       query = query.filter(nlevel(comment::path).le(depth_limit));
 
-      // Always order by the parent path first
-      query = query.order_by(subpath(comment::path, 0, -1));
+      // only order if filtering by a post id. DOS potential otherwise and max_depth + !post_id isn't used anyways (afaik)
+      if self.post_id.is_some() {
+        // Always order by the parent path first
+        query = query.order_by(subpath(comment::path, 0, -1));
+      }
 
       // TODO limit question. Limiting does not work for comment threads ATM, only max_depth
       // For now, don't do any limiting for tree fetches
-- 
2.44.1