www: do not warn on blank query parameters

Sometimes users (or bots) may lead queries with '&' and
trigger uninitialized variable warnings, just ignore them
and give consumers a $ctx->{qp}->{''} entry.

While we're in the area, pass a regexp rather than scalar string
to the `split' perlop to prevent Perl from recompiling the
regexp on every call.

diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index 8f4bfd0f36bf293b9df1b89a2d74229b195e4bf0..841a7e8590c493e6523b355394a66617054e9546 100644 (file)
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -50,10 +50,9 @@ sub call {
        %{$ctx->{qp}} = map {
                utf8::decode($_);
                tr/+/ /;
-               my ($k, $v) = split('=', $_, 2);
-               $v = uri_unescape($v // '');
+               my ($k, $v) = split(/=/, $_, 2);
                # none of the keys we care about will need escaping
-               $k => $v;
+               ($k // '', uri_unescape($v // ''))
        } split(/[&;]+/, $env->{QUERY_STRING});
 
        my $path_info = path_info_raw($env);

diff --git a/t/psgi_search.t b/t/psgi_search.t
index d59e439b124777a53e7f9d07d56348a0d096f2e3..5bdd66edf2bee703e68fd5646d34cc4821dd6d54 100644 (file)
--- a/t/psgi_search.t
+++ b/t/psgi_search.t
@@ -88,6 +88,10 @@ test_psgi(sub { $www->call(@_) }, sub {
        is($res->code, 200, 'successful search result');
        is_deeply([], $warn, 'no warnings from non-numeric comparison');
 
+       $res = $cb->(GET('/test/?&q=s:test'));
+       is($res->code, 200, 'successful search result');
+       is_deeply([], $warn, 'no warnings from black parameter');
+
        $res = $cb->(POST('/test/?q=s:bogus&x=m'));
        is($res->code, 404, 'failed search result gives 404');
        is_deeply([], $warn, 'no warnings');