From 722264a0835d202df2f6782e6f8a3e7855aa3a70 Mon Sep 17 00:00:00 2001
From: whiteblXK <krzys16001@gmail.com>
Date: Tue, 7 Jul 2020 00:31:50 +0200
Subject: [PATCH] Added limit to search characters (#134)

* Update characters.php

* Update config.php

* Variable name change, better use LIMIT in query instead in loop

* Just to be sure. Security first :)

* use config function

Co-authored-by: slawkens <slawkens@gmail.com>
(cherry picked from commit dc536f0fc01862f052d5edee29ac188ac63fcf66)
---
 config.php                  | 3 +++
 system/pages/characters.php | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/config.php b/config.php
index aa4eb098..4c147b84 100644
--- a/config.php
+++ b/config.php
@@ -150,6 +150,9 @@ $config = array(
 		3 => 'Paladin Sample',
 		4 => 'Knight Sample'
 	),
+	
+	// it must show limited number of players after using search in character page
+	'characters_search_limit' => 15,
 
 	// town list used when creating character
 	// won't be displayed if there is only one item (rookgaard for example)
diff --git a/system/pages/characters.php b/system/pages/characters.php
index 66aaf9c1..aa3d78bb 100644
--- a/system/pages/characters.php
+++ b/system/pages/characters.php
@@ -432,7 +432,7 @@ else
 	if($db->hasColumn('players', 'deletion'))
 		$deleted = 'deletion';
 
-	$query = $db->query('SELECT `name`, `level`, `vocation`' . $promotion . ' FROM `players` WHERE `name` LIKE  ' . $db->quote('%' . $name . '%') . ' AND ' . $deleted . ' != 1;');
+	$query = $db->query('SELECT `name`, `level`, `vocation`' . $promotion . ' FROM `players` WHERE `name` LIKE  ' . $db->quote('%' . $name . '%') . ' AND ' . $deleted . ' != 1 LIMIT ' . (int)config('characters_search_limit') . ';');
 	if($query->rowCount() > 0)
 	{
 		echo 'Did you mean:<ul>';