* [PATCH] www: avoid warnings on bad offsets for Xapian
@ 2016-05-22 20:54 7% Eric Wong
0 siblings, 0 replies; 1+ results
From: Eric Wong @ 2016-05-22 20:54 UTC (permalink / raw)
To: meta
The offset argument must be an integer for Xapian,
however users (or bots) type the darndest things.
AFAIK this has no security implications besides triggering
a warning (which could lead to out-of-space-errors)
---
lib/PublicInbox/SearchView.pm | 3 ++-
lib/PublicInbox/View.pm | 5 ++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm
index c0cd1ff..e3dc22f 100644
--- a/lib/PublicInbox/SearchView.pm
+++ b/lib/PublicInbox/SearchView.pm
@@ -263,10 +263,11 @@ use PublicInbox::Hval;
sub new {
my ($class, $cgi) = @_;
my $r = $cgi->param('r');
+ my ($off) = (($cgi->param('o') || '0') =~ /(\d+)/);
bless {
q => $cgi->param('q'),
x => $cgi->param('x') || '',
- o => int($cgi->param('o') || 0) || 0,
+ o => $off,
r => (defined $r && $r ne '0'),
}, $class;
}
diff --git a/lib/PublicInbox/View.pm b/lib/PublicInbox/View.pm
index 2194981..4360991 100644
--- a/lib/PublicInbox/View.pm
+++ b/lib/PublicInbox/View.pm
@@ -840,13 +840,12 @@ sub emit_topics {
sub emit_index_topics {
my ($state) = @_;
- my $off = $state->{ctx}->{cgi}->param('o');
- $off = 0 unless defined $off;
+ my ($off) = (($state->{ctx}->{cgi}->param('o') || '0') =~ /(\d+)/);
$state->{order} = [];
$state->{subjs} = {};
$state->{latest} = {};
my $max = 25;
- my %opts = ( offset => int $off, limit => $max * 4 );
+ my %opts = ( offset => $off, limit => $max * 4 );
while (scalar @{$state->{order}} < $max) {
my $sres = $state->{srch}->query('', \%opts);
my $nr = scalar @{$sres->{msgs}} or last;
^ permalink raw reply related [relevance 7%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2016-05-22 20:54 7% [PATCH] www: avoid warnings on bad offsets for Xapian Eric Wong
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).