www: do not warn on blank query parameters

Sometimes users (or bots) may lead queries with '&' and
trigger uninitialized variable warnings, just ignore them
and give consumers a $ctx->{qp}->{''} entry.

While we're in the area, pass a regexp rather than scalar string
to the `split' perlop to prevent Perl from recompiling the
regexp on every call.

2 files changed, 6 insertions, 3 deletions

diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index 8f4bfd0f..841a7e85 100644
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -50,10 +50,9 @@ sub call {
         %{$ctx->{qp}} = map {
                 utf8::decode($_);
                 tr/+/ /;
-                my ($k, $v) = split('=', $_, 2);
-                $v = uri_unescape($v // '');
+                my ($k, $v) = split(/=/, $_, 2);
                 # none of the keys we care about will need escaping
-                $k => $v;
+                ($k // '', uri_unescape($v // ''))
         } split(/[&;]+/, $env->{QUERY_STRING});
 
         my $path_info = path_info_raw($env);
diff --git a/t/psgi_search.t b/t/psgi_search.t
index d59e439b..5bdd66ed 100644
--- a/t/psgi_search.t
+++ b/t/psgi_search.t
@@ -88,6 +88,10 @@ test_psgi(sub { $www->call(@_) }, sub {
         is($res->code, 200, 'successful search result');
         is_deeply([], $warn, 'no warnings from non-numeric comparison');
 
+        $res = $cb->(GET('/test/?&q=s:test'));
+        is($res->code, 200, 'successful search result');
+        is_deeply([], $warn, 'no warnings from black parameter');
+
         $res = $cb->(POST('/test/?q=s:bogus&x=m'));
         is($res->code, 404, 'failed search result gives 404');
         is_deeply([], $warn, 'no warnings');