diff options
author | Eric Wong <e@80x24.org> | 2021-06-23 07:14:22 -0400 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2021-06-23 19:24:50 +0000 |
commit | 5ef37f4a13e2be711ef074dc2cd9994005273117 (patch) | |
tree | 81a59f35839a7f6e0433de2b1f299706c1760c51 | |
parent | 520be116e8a686cb223b48fad1de29201dee45be (diff) | |
download | public-inbox-5ef37f4a13e2be711ef074dc2cd9994005273117.tar.gz |
Sometimes users (or bots) may lead queries with '&' and trigger uninitialized variable warnings, just ignore them and give consumers a $ctx->{qp}->{''} entry. While we're in the area, pass a regexp rather than scalar string to the `split' perlop to prevent Perl from recompiling the regexp on every call.
-rw-r--r-- | lib/PublicInbox/WWW.pm | 5 | ||||
-rw-r--r-- | t/psgi_search.t | 4 |
2 files changed, 6 insertions, 3 deletions
diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm index 8f4bfd0f..841a7e85 100644 --- a/lib/PublicInbox/WWW.pm +++ b/lib/PublicInbox/WWW.pm @@ -50,10 +50,9 @@ sub call { %{$ctx->{qp}} = map { utf8::decode($_); tr/+/ /; - my ($k, $v) = split('=', $_, 2); - $v = uri_unescape($v // ''); + my ($k, $v) = split(/=/, $_, 2); # none of the keys we care about will need escaping - $k => $v; + ($k // '', uri_unescape($v // '')) } split(/[&;]+/, $env->{QUERY_STRING}); my $path_info = path_info_raw($env); diff --git a/t/psgi_search.t b/t/psgi_search.t index d59e439b..5bdd66ed 100644 --- a/t/psgi_search.t +++ b/t/psgi_search.t @@ -88,6 +88,10 @@ test_psgi(sub { $www->call(@_) }, sub { is($res->code, 200, 'successful search result'); is_deeply([], $warn, 'no warnings from non-numeric comparison'); + $res = $cb->(GET('/test/?&q=s:test')); + is($res->code, 200, 'successful search result'); + is_deeply([], $warn, 'no warnings from black parameter'); + $res = $cb->(POST('/test/?q=s:bogus&x=m')); is($res->code, 404, 'failed search result gives 404'); is_deeply([], $warn, 'no warnings'); |