Bug 859118 - Bug.search called with no arguments returns all visible bugs,…

Bugzilla/WebService/Bug.pm

@@ -406,14 +406,25 @@ sub history {
 
 sub search {
     my ($self, $params) = @_;
-   
+
     Bugzilla->switch_to_shadow_db();
 
     if ( defined($params->{offset}) and !defined($params->{limit}) ) {
         ThrowCodeError('param_required', 
                        { param => 'limit', function => 'Bug.search()' });
     }
-    
+
+    my $max_results = Bugzilla->params->{max_search_results};
+    unless (defined $params->{limit} && $params->{limit} == 0) {
+        if (!defined $params->{limit} || $params->{limit} > $max_results) {
+            $params->{limit} = $max_results;
+        }
+    }
+    else {
+        delete $params->{limit};
+        delete $params->{offset};
+    }
+
     $params = Bugzilla::Bug::map_fields($params);
     delete $params->{WHERE};
 
@@ -440,7 +451,17 @@ sub search {
         my $clause = join(' OR ', @likes);
         $params->{WHERE}->{"($clause)"} = [map { "\%$_\%" } @strings];
     }
-   
+
+    # If no other parameters have been passed other than limit and offset
+    # and a WHERE parameter was not created earlier, then we throw error
+    # if system is configured to do so.
+    if (!$params->{WHERE} 
+        && !grep(!/(limit|offset)/i, keys %$params)
+        && !Bugzilla->params->{search_allow_no_criteria})
+    {
+        ThrowUserError('buglist_parameters_required');
+    }
+
     # We want include_fields and exclude_fields to be passed to
     # _bug_to_hash but not to Bugzilla::Bug->match so we copy the 
     # params and delete those before passing to Bugzilla::Bug->match.
@@ -2257,13 +2278,16 @@ May not be an array.
 
 =item C<limit>
 
-C<int> Limit the number of results returned to C<int> records.
+C<int> Limit the number of results returned to C<int> records. If the limit
+is more than zero and higher than the maximum limit set by the administrator,
+then the maximum limit will be used instead. If you set the limit equal to zero,
+then all matching results will be returned instead.
 
 =item C<offset>
 
-C<int> Used in conjunction with the C<limit> argument, C<offset> defines 
-the starting position for the search. For example, given a search that 
-would return 100 bugs, setting C<limit> to 10 and C<offset> to 10 would return 
+C<int> Used in conjunction with the C<limit> argument, C<offset> defines
+the starting position for the search. For example, given a search that
+would return 100 bugs, setting C<limit> to 10 and C<offset> to 10 would return
 bugs 11 through 20 from the set of 100.
 
 =item C<op_sys>
@@ -2349,10 +2373,16 @@ log in and I<then> call this method.
 
 =item B<Errors>
 
-Currently, this function doesn't throw any special errors (other than
-the ones that all webservice functions can throw). If you specify
-an invalid value for a particular field, you just won't get any results
-for that value.
+If you specify an invalid value for a particular field, you just won't
+get any results for that value.
+
+=over
+
+=item 1000 (Parameters Required)
+
+You may not search without any search terms.
+
+=back
 
 =item B<History>
 
@@ -2365,6 +2395,10 @@ for that value.
 =item The C<reporter> input parameter was renamed to C<creator>
 in Bugzilla B<4.0>.
 
+=item In B<4.2.6> and newer, added the ability to return all results if
+C<limit> is set equal to zero. Otherwise maximum results returned are limited
+by system configuration.
+
 =back
 
 =back

Bugzilla/WebService/Constants.pm

@@ -163,6 +163,9 @@ use constant WS_ERROR_CODE => {
     # Classification errors are 900-1000
     auth_classification_not_enabled => 900,
 
+    # Search errors are 1000-1100
+    buglist_parameters_required => 1000,
+
     # Errors thrown by the WebService itself. The ones that are negative 
     # conform to http://xmlrpc-epi.sourceforge.net/specs/rfc.fault_codes.php
     xmlrpc_invalid_value => -32600,