From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <e@80x24.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN:  
X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00
	shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2
Received: from localhost (dcvr.yhbt.net [127.0.0.1])
	by dcvr.yhbt.net (Postfix) with ESMTP id 234E71F462
	for <meta@public-inbox.org>; Tue,  4 Jun 2019 11:27:51 +0000 (UTC)
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 15/24] searchview: do not allow non-ASCII offsets and limits
Date: Tue,  4 Jun 2019 11:27:39 +0000
Message-Id: <20190604112748.23598-16-e@80x24.org>
In-Reply-To: <20190604112748.23598-1-e@80x24.org>
References: <20190604112748.23598-1-e@80x24.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
List-Id: <meta.public-inbox.org>

Non-ASCII digits would be interpreted as zero when used as integers.
---
 lib/PublicInbox/SearchView.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm
index 6592b3b..b089de9 100644
--- a/lib/PublicInbox/SearchView.pm
+++ b/lib/PublicInbox/SearchView.pm
@@ -308,12 +308,12 @@ sub new {
 	my ($class, $qp) = @_;
 
 	my $r = $qp->{r};
-	my ($l) = (($qp->{l} || '') =~ /(\d+)/);
+	my ($l) = (($qp->{l} || '') =~ /([0-9]+)/);
 	$l = $LIM if !$l || $l > $LIM;
 	bless {
 		q => $qp->{'q'},
 		x => $qp->{x} || '',
-		o => (($qp->{o} || '0') =~ /(\d+)/),
+		o => (($qp->{o} || '0') =~ /([0-9]+)/),
 		l => $l,
 		r => (defined $r && $r ne '0'),
 	}, $class;
-- 
EW