Bug 632717: Limit the total number of results that a search can ever return.

Bugzilla/Config/Query.pm

@@ -71,8 +71,14 @@ sub get_param_list {
    name => 'specific_search_allow_empty_words',
    type => 'b',
    default => 1
-  }
-  
+  },
+
+  {
+    name => 'max_search_results',
+    type => 't',
+    default => '10000',
+    checker => \&check_numeric
+  },
   );
   return @param_list;
 }

Bugzilla/Search.pm

@@ -929,6 +929,12 @@ sub _sql_limit {
     my ($self) = @_;
     my $limit = $self->_params->{limit};
     my $offset = $self->_params->{offset};
+    
+    my $max_results = Bugzilla->params->{'max_search_results'};
+    if (!$self->{allow_unlimited} && (!$limit || $limit > $max_results)) {
+        $limit = $max_results;
+    }
+    
     if (defined $offset and not defined $limit) {
         $limit = INT_MAX;
     }

report.cgi

@@ -127,8 +127,11 @@ my @axis_fields = ($row_field || EMPTY_COLUMN,
 
 # Clone the params, so that Bugzilla::Search can modify them
 my $params = new Bugzilla::CGI($cgi);
-my $search = new Bugzilla::Search('fields' => \@axis_fields, 
-                                  'params' => scalar $params->Vars);
+my $search = new Bugzilla::Search(
+    fields => \@axis_fields, 
+    params => scalar $params->Vars,
+    allow_unlimited => 1,
+);
 my $query = $search->sql;
 
 $::SIG{TERM} = 'DEFAULT';

template/en/default/admin/params/query.html.tmpl

@@ -55,4 +55,9 @@
     "Whether to allow a search on the 'Simple Search' page with an empty"
     _ " 'Words' field.",
 
+  max_search_results =>
+    "The maximum number of $terms.bugs that a search can"
+    _ " <strong>ever</strong> return. Tabular and graphical reports"
+    _ " are exempted from this limit, however."
+
 } %]