author | Eric Wong <e@80x24.org> | 2016-05-22 20:44:34 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2016-05-22 20:44:34 +0000 |
commit | 2ab19b9e259dfef9eb78a8efc42ef2453126417b (patch) | |
tree | f93bf39535f1396aa9667c32615fea530bf6edae /lib | |
parent | 80bcb77099c2d3d7179c4f2f3ffac2b8083c3bb5 (diff) | |
download | public-inbox-2ab19b9e259dfef9eb78a8efc42ef2453126417b.tar.gz |
The offset argument must be an integer for Xapian, however users (or bots) type the darndest things. AFAIK this has no security implications besides triggering a warning (which could lead to out-of-space-errors)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/PublicInbox/SearchView.pm | 3 | ||||
-rw-r--r-- | lib/PublicInbox/View.pm | 5 |
2 files changed, 4 insertions, 4 deletions
diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm
index c0cd1ffd..e3dc22f7 100644
--- a/lib/PublicInbox/SearchView.pm
+++ b/lib/PublicInbox/SearchView.pm
@@ -263,10 +263,11 @@ use PublicInbox::Hval;
 sub new {
 my ($class, $cgi) = @_;
 my $r = $cgi->param('r');
+ my ($off) = (($cgi->param('o') || '0') =~ /(\d+)/);
 bless {
 q => $cgi->param('q'),
 x => $cgi->param('x') || '',
- o => int($cgi->param('o') || 0) || 0,
+ o => $off,
 r => (defined $r && $r ne '0'),
 }, $class;
 }
diff --git a/lib/PublicInbox/View.pm b/lib/PublicInbox/View.pm
index 21949812..43609914 100644
--- a/lib/PublicInbox/View.pm
+++ b/lib/PublicInbox/View.pm
@@ -840,13 +840,12 @@ sub emit_topics {
 sub emit_index_topics {
 my ($state) = @_;
- my $off = $state->{ctx}->{cgi}->param('o');
- $off = 0 unless defined $off;
+ my ($off) = (($state->{ctx}->{cgi}->param('o') || '0') =~ /(\d+)/);
 $state->{order} = [];
 $state->{subjs} = {};
 $state->{latest} = {};
 my $max = 25;
- my %opts = ( offset => int $off, limit => $max * 4 );
+ my %opts = ( offset => $off, limit => $max * 4 );
 while (scalar @{$state->{order}} < $max) {
 my $sres = $state->{srch}->query('', \%opts);
 my $nr = scalar @{$sres->{msgs}} or last; |
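Review bot: When the `o` parameter contains no digit at all (a constructed example: `o=abc`), the match in `my ($off) = ((... || '0') =~ /(\d+)/);` fails and the list assignment leaves `$off` undefined, so `o => $off` stores undef where the removed `int(...) || 0` always produced a number. That undef would presumably reach the Xapian offset and raise the same kind of warning this commit is meant to stop. Adding `$off //= 0;` after the match (or `$off = 0 unless defined $off;` if older perls must be supported) closes the gap. The identical line in the `emit_index_topics` hunk of lib/PublicInbox/View.pm has the same problem, and there the value goes straight into `offset => $off`.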
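Review bot: The pattern `/(\d+)/` in `emit_index_topics` is unanchored and unbounded, so it takes the first digit run anywhere in the parameter (`-5` becomes 5, `1e3` becomes 1) and accepts any number of digits. The hunk does not show how `query` treats an offset beyond the integer range the search backend expects, so that is worth confirming; if it is not handled there, validating the whole value with something like `/\A(\d{1,9})\z/` and falling back to 0 keeps the offset predictable. A short comment such as `# digits only: Xapian requires an integer offset` above the line would record why the regex is there. The `while` loop continues past the end of the hunk.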