The offset argument must be an integer for Xapian;
however, users (or bots) type the darndest things.
AFAIK this has no security implications besides triggering
a warning (which could lead to out-of-space errors).
sub new {
my ($class, $cgi) = @_;
my $r = $cgi->param('r');
+ my ($off) = (($cgi->param('o') || '0') =~ /(\d+)/);
bless {
q => $cgi->param('q'),
x => $cgi->param('x') || '',
- o => int($cgi->param('o') || 0) || 0,
+ o => $off,
r => (defined $r && $r ne '0'),
}, $class;
}
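Review bot: A non-empty `o` that contains no digits (for example `o=abc`) makes the match on the added line fail, so `$off` is undef and `o => $off` stores undef where the removed `int(...) || 0` always yielded 0. Depending on how the consumer uses the value, that likely brings back an uninitialized-value warning, which is what the commit sets out to avoid. Adding `$off = 0 unless defined $off;` after the match restores the fallback; the same applies to the identical expression in `emit_index_topics`. Separately, `q => $cgi->param('q')` on the context line is evaluated in list context, so if `param` returns a list there (as CGI.pm does), a missing or repeated `q` would shift the key/value pairs of the hash; wrapping it in `scalar(...)` avoids that.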
sub emit_index_topics {
my ($state) = @_;
- my $off = $state->{ctx}->{cgi}->param('o');
- $off = 0 unless defined $off;
+ my ($off) = (($state->{ctx}->{cgi}->param('o') || '0') =~ /(\d+)/);
$state->{order} = [];
$state->{subjs} = {};
$state->{latest} = {};
my $max = 25;
- my %opts = ( offset => int $off, limit => $max * 4 );
+ my %opts = ( offset => $off, limit => $max * 4 );
while (scalar @{$state->{order}} < $max) {
my $sres = $state->{srch}->query('', \%opts);
my $nr = scalar @{$sres->{msgs}} or last;
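Review bot: With `int` dropped from `offset => $off`, the value handed to `query()` is now a digit string of unbounded length, because `/(\d+)/` accepts any number of digits. How the search layer coerces a very long digit string is not visible in this hunk, but it is unlikely to be a valid offset, so numifying and capping it would keep the request in range, e.g. `$off = $MAX_OFFSET if $off > $MAX_OFFSET;`, where `$MAX_OFFSET` is a placeholder for a limit the project chooses. The same parse expression is duplicated in `new`, so a small shared helper would keep the two call sites consistent. The `while` loop continues past the end of the hunk.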