Author: afeldman
Description:
Steps to reproduce:
- Go to MediaWiki
- In the upper right corner, click on the search field.
- Make a search query with a string so long that the whole search URL has a length of 8912 bytes.
I. Observed: The search is accepted. This shows that no limit is applied on the MediaWiki side; only Apache's standard URL length limit exists, which does not process URLs longer than 8912 bytes.
II. Expected: Bots frequently submit huge spam documents as search queries. In order to limit system impact, there should be a config option to set the maximum number of terms used in a search. Terms beyond that limit should be stripped off transparently.
Version: 1.20.x
Severity: normal
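The kind of term limit the report asks for, as an added illustration rather than MediaWiki's own code: the config names `MAX_SEARCH_TERMS` and `MAX_QUERY_BYTES` are hypothetical (only the 8912-byte figure comes from the report), and the function returns how many terms it dropped so that heavy truncation can be logged as a spam-bot signal.

```python
# Added example, not MediaWiki code: enforce a configurable cap on the number
# of search terms and on the total query size before the query reaches the
# search backend. Config names below are assumptions, not real MediaWiki settings.
import re
from typing import Tuple

MAX_SEARCH_TERMS = 20    # hypothetical config value: maximum terms per search
MAX_QUERY_BYTES = 8912   # from the report: Apache stops processing URLs past this


def limit_search_query(query: str,
                       max_terms: int = MAX_SEARCH_TERMS,
                       max_bytes: int = MAX_QUERY_BYTES) -> Tuple[str, int]:
    """Return (limited_query, dropped_terms).

    Terms are whitespace-separated tokens. Surplus terms beyond max_terms are
    stripped transparently, as the report requests; the remaining query is
    then trimmed term by term until its UTF-8 encoding fits in max_bytes, so
    it stays well under the web-server URL limit. dropped_terms tells the
    caller how much was cut, which is worth logging: a steady stream of
    heavily truncated queries is a typical footprint of spam bots.
    """
    # Collapse runs of whitespace and discard empty tokens.
    terms = [t for t in re.split(r"\s+", query.strip()) if t]
    original = len(terms)
    kept = terms[:max_terms]
    # Enforce the byte cap on the reassembled query as well, dropping whole
    # terms rather than cutting a multi-byte character in half.
    while kept and len(" ".join(kept).encode("utf-8")) > max_bytes:
        kept.pop()
    return " ".join(kept), original - len(kept)


if __name__ == "__main__":
    # Constructed sample: a 100-term query is cut to the configured maximum.
    limited, dropped = limit_search_query("spam " * 100, max_terms=5)
    print(limited, "| dropped terms:", dropped)
```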