MantisBT: master 44055f88

Author: dregad
Committer: dregad
Branch: master
Timestamp: 2013-03-18 18:36
Parent: master ce961095
Affected Issues  0015573: CVE-2013-1883: One query can be issued via current Mantis interface to take down site
 0016922: View Issues list is very slow if a filter is used
Changeset

Fix filter api issue with 'any condition' and text search

A filter combining some criteria and a text search with 'any condition'
results in a cartesian product, which has the potential to bring down
the site as the RDBMS eats up all available resources.

The root cause of this behavior is joining the bug_text table with a
from clause and setting the join's criteria in the query's where clause,
without taking into consideration the operator's precedence (AND/OR).

This commit resolves the problem by using a JOIN clause instead, which
makes the query cleaner.

Fixes 0015573

mod - core/filter_api.php
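
The behaviour the commit message describes, reproduced as an added example on an in-memory SQLite database (not code from this changeset or from MantisBT). The schema, column names, data and both query shapes are constructed assumptions that model a comma join whose criterion is OR-ed with other filter criteria, next to the same filter written with a JOIN clause.

```python
import sqlite3

# Constructed toy schema and data. Table and column names are assumptions for
# this example, not MantisBT's schema or the SQL that filter_api.php builds.
def build_db(n_bugs=200):
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE bug (id INTEGER PRIMARY KEY, status INTEGER, bug_text_id INTEGER);
        CREATE TABLE bug_text (id INTEGER PRIMARY KEY, description TEXT);
    """)
    ids = range(1, n_bugs + 1)
    db.executemany("INSERT INTO bug_text VALUES (?, ?)",
                   [(i, "crash on login" if i % 50 == 0 else "other") for i in ids])
    db.executemany("INSERT INTO bug VALUES (?, ?, ?)",
                   [(i, 10 if i % 20 == 0 else 80, i) for i in ids])
    return db

# "Before" shape: comma join in FROM, join criterion in WHERE. AND binds
# tighter than OR, so the criterion only constrains the text-search arm and
# every bug matching the status arm pairs with every bug_text row.
COMMA_JOIN = """
    SELECT COUNT(*) FROM bug, bug_text
    WHERE bug.status = :status
       OR bug.bug_text_id = bug_text.id AND bug_text.description LIKE :term
"""

# "After" shape: the criterion lives in the JOIN's ON clause, so it applies
# to every row regardless of how the filter criteria are combined.
EXPLICIT_JOIN = """
    SELECT COUNT(*) FROM bug
    JOIN bug_text ON bug.bug_text_id = bug_text.id
    WHERE bug.status = :status
       OR bug_text.description LIKE :term
"""

def joined_rows(db, sql, status=10, term="%crash%"):
    """Number of joined rows the engine produces before any DISTINCT/LIMIT."""
    return db.execute(sql, {"status": status, "term": term}).fetchone()[0]

if __name__ == "__main__":
    for n in (200, 2000):
        db = build_db(n)
        print(n, "bugs:", joined_rows(db, COMMA_JOIN), "rows vs",
              joined_rows(db, EXPLICIT_JOIN))
```

With ten times as many bugs, the comma-join row count grows roughly a hundredfold while the JOIN form grows tenfold, which is the resource-exhaustion pattern the commit addresses.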