prevent ordering by comment path without post filter (#3717)

author phiresky <phireskyde+git@gmail.com>

Tue, 25 Jul 2023 16:46:00 +0000 (18:46 +0200)

committer GitHub <noreply@github.com>

Tue, 25 Jul 2023 16:46:00 +0000 (12:46 -0400)
author phiresky <phireskyde+git@gmail.com>
Tue, 25 Jul 2023 16:46:00 +0000 (18:46 +0200)
committer GitHub <noreply@github.com>
Tue, 25 Jul 2023 16:46:00 +0000 (12:46 -0400)
diff --git a/crates/db_views/src/comment_view.rs b/crates/db_views/src/comment_view.rs

index 1b77168d8b43de4ed3047ff619d136d2cc953d24..6e06e1baaa72a8e0bdd01d47165bf44bb1300d4b 100644 (file)
--- a/crates/db_views/src/comment_view.rs
+++ b/crates/db_views/src/comment_view.rs
@@ -340,8 +340,11 @@ impl<'a> CommentQuery<'a> {
  
        query = query.filter(nlevel(comment::path).le(depth_limit));
  
-      // Always order by the parent path first
-      query = query.order_by(subpath(comment::path, 0, -1));
+      // only order if filtering by a post id. DOS potential otherwise and max_depth + !post_id isn't used anyways (afaik)
+      if self.post_id.is_some() {
+        // Always order by the parent path first
+        query = query.order_by(subpath(comment::path, 0, -1));
+      }
  
        // TODO limit question. Limiting does not work for comment threads ATM, only max_depth
        // For now, don't do any limiting for tree fetches
author	phiresky <phireskyde+git@gmail.com>
	Tue, 25 Jul 2023 16:46:00 +0000 (18:46 +0200)
committer	GitHub <noreply@github.com>
	Tue, 25 Jul 2023 16:46:00 +0000 (12:46 -0400)