From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <normalperson@yhbt.net>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN:  
X-Spam-Status: No, score=-5.4 required=3.0 tests=ALL_TRUSTED,BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,RP_MATCHES_RCVD,URIBL_BLOCKED shortcircuit=no
	autolearn=unavailable autolearn_force=no version=3.4.0
Received: from localhost (dcvr.yhbt.net [127.0.0.1])
	by dcvr.yhbt.net (Postfix) with ESMTP id CC3461FCB1
	for <meta@public-inbox.org>; Sun, 22 May 2016 20:54:44 +0000 (UTC)
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH] www: avoid warnings on bad offsets for Xapian
Date: Sun, 22 May 2016 20:54:44 +0000
Message-Id: <20160522205444.11617-1-e@80x24.org>
List-Id: <meta@public-inbox.org>

The offset argument must be an integer for Xapian,
however users (or bots) type the darndest things.

AFAIK this has no security implications besides triggering
a warning (which could lead to out-of-space-errors)
---
 lib/PublicInbox/SearchView.pm | 3 ++-
 lib/PublicInbox/View.pm       | 5 ++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm
index c0cd1ff..e3dc22f 100644
--- a/lib/PublicInbox/SearchView.pm
+++ b/lib/PublicInbox/SearchView.pm
@@ -263,10 +263,11 @@ use PublicInbox::Hval;
 sub new {
 	my ($class, $cgi) = @_;
 	my $r = $cgi->param('r');
+	my ($off) = (($cgi->param('o') || '0') =~ /(\d+)/);
 	bless {
 		q => $cgi->param('q'),
 		x => $cgi->param('x') || '',
-		o => int($cgi->param('o') || 0) || 0,
+		o => $off,
 		r => (defined $r && $r ne '0'),
 	}, $class;
 }
diff --git a/lib/PublicInbox/View.pm b/lib/PublicInbox/View.pm
index 2194981..4360991 100644
--- a/lib/PublicInbox/View.pm
+++ b/lib/PublicInbox/View.pm
@@ -840,13 +840,12 @@ sub emit_topics {
 
 sub emit_index_topics {
 	my ($state) = @_;
-	my $off = $state->{ctx}->{cgi}->param('o');
-	$off = 0 unless defined $off;
+	my ($off) = (($state->{ctx}->{cgi}->param('o') || '0') =~ /(\d+)/);
 	$state->{order} = [];
 	$state->{subjs} = {};
 	$state->{latest} = {};
 	my $max = 25;
-	my %opts = ( offset => int $off, limit => $max * 4 );
+	my %opts = ( offset => $off, limit => $max * 4 );
 	while (scalar @{$state->{order}} < $max) {
 		my $sres = $state->{srch}->query('', \%opts);
 		my $nr = scalar @{$sres->{msgs}} or last;