From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 4A4BB1F8C9 for ; Wed, 23 Jun 2021 11:14:23 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH 3/3] www: do not warn on blank query parameters Date: Wed, 23 Jun 2021 07:14:22 -0400 Message-Id: <20210623111422.30182-4-e@80x24.org> In-Reply-To: <20210623111422.30182-1-e@80x24.org> References: <20210623111422.30182-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: Sometimes users (or bots) may lead queries with '&' and trigger uninitialized variable warnings, just ignore them and give consumers a $ctx->{qp}->{''} entry. While we're in the area, pass a regexp rather than scalar string to the `split' perlop to prevent Perl from recompiling the regexp on every call. --- lib/PublicInbox/WWW.pm | 5 ++--- t/psgi_search.t | 4 ++++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm index 8f4bfd0f..841a7e85 100644 --- a/lib/PublicInbox/WWW.pm +++ b/lib/PublicInbox/WWW.pm @@ -50,10 +50,9 @@ sub call { %{$ctx->{qp}} = map { utf8::decode($_); tr/+/ /; - my ($k, $v) = split('=', $_, 2); - $v = uri_unescape($v // ''); + my ($k, $v) = split(/=/, $_, 2); # none of the keys we care about will need escaping - $k => $v; + ($k // '', uri_unescape($v // '')) } split(/[&;]+/, $env->{QUERY_STRING}); my $path_info = path_info_raw($env); diff --git a/t/psgi_search.t b/t/psgi_search.t index d59e439b..5bdd66ed 100644 --- a/t/psgi_search.t +++ b/t/psgi_search.t @@ -88,6 +88,10 @@ test_psgi(sub { $www->call(@_) }, sub { is($res->code, 200, 'successful search result'); is_deeply([], $warn, 'no warnings from non-numeric comparison'); + $res = $cb->(GET('/test/?&q=s:test')); + is($res->code, 200, 'successful search result'); + is_deeply([], $warn, 'no warnings from black parameter'); + $res = $cb->(POST('/test/?q=s:bogus&x=m')); is($res->code, 404, 'failed search result gives 404'); is_deeply([], $warn, 'no warnings');