www: avoid warnings on bad offsets for Xapian

The offset argument must be an integer for Xapian,
however users (or bots) type the darndest things.

AFAIK this has no security implications besides triggering
a warning (which could lead to out-of-space-errors)

diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm
index c0cd1ffd6ec6dd0dda984806ca872ba0b61d6b47..e3dc22f7a60da083587528349837f59536d38219 100644 (file)
--- a/lib/PublicInbox/SearchView.pm
+++ b/lib/PublicInbox/SearchView.pm
@@ -263,10 +263,11 @@ use PublicInbox::Hval;
 sub new {
        my ($class, $cgi) = @_;
        my $r = $cgi->param('r');
+       my ($off) = (($cgi->param('o') || '0') =~ /(\d+)/);
        bless {
                q => $cgi->param('q'),
                x => $cgi->param('x') || '',
-               o => int($cgi->param('o') || 0) || 0,
+               o => $off,
                r => (defined $r && $r ne '0'),
        }, $class;
 }

diff --git a/lib/PublicInbox/View.pm b/lib/PublicInbox/View.pm
index 21949812d5789131bb6bba536ed582e334c38edb..43609914c26a35ee9756c0245547565c367f09d2 100644 (file)
--- a/lib/PublicInbox/View.pm
+++ b/lib/PublicInbox/View.pm
@@ -840,13 +840,12 @@ sub emit_topics {
 
 sub emit_index_topics {
        my ($state) = @_;
-       my $off = $state->{ctx}->{cgi}->param('o');
-       $off = 0 unless defined $off;
+       my ($off) = (($state->{ctx}->{cgi}->param('o') || '0') =~ /(\d+)/);
        $state->{order} = [];
        $state->{subjs} = {};
        $state->{latest} = {};
        my $max = 25;
-       my %opts = ( offset => int $off, limit => $max * 4 );
+       my %opts = ( offset => $off, limit => $max * 4 );
        while (scalar @{$state->{order}} < $max) {
                my $sres = $state->{srch}->query('', \%opts);
                my $nr = scalar @{$sres->{msgs}} or last;