diff options
author | Eric Wong <e@80x24.org> | 2016-05-22 20:44:34 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2016-05-22 20:44:34 +0000 |
commit | 2ab19b9e259dfef9eb78a8efc42ef2453126417b (patch) | |
tree | f93bf39535f1396aa9667c32615fea530bf6edae /lib/PublicInbox/SearchView.pm | |
parent | 80bcb77099c2d3d7179c4f2f3ffac2b8083c3bb5 (diff) | |
download | public-inbox-2ab19b9e259dfef9eb78a8efc42ef2453126417b.tar.gz |
The offset argument must be an integer for Xapian, however users (or bots) type the darndest things. AFAIK this has no security implications besides triggering a warning (which could lead to out-of-space-errors)
Diffstat (limited to 'lib/PublicInbox/SearchView.pm')
-rw-r--r-- | lib/PublicInbox/SearchView.pm | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm index c0cd1ffd..e3dc22f7 100644 --- a/lib/PublicInbox/SearchView.pm +++ b/lib/PublicInbox/SearchView.pm @@ -263,10 +263,11 @@ use PublicInbox::Hval; sub new { my ($class, $cgi) = @_; my $r = $cgi->param('r'); + my ($off) = (($cgi->param('o') || '0') =~ /(\d+)/); bless { q => $cgi->param('q'), x => $cgi->param('x') || '', - o => int($cgi->param('o') || 0) || 0, + o => $off, r => (defined $r && $r ne '0'), }, $class; } |