From: Eric Wong Date: Wed, 23 Jun 2021 11:14:22 +0000 (-0400) Subject: www: do not warn on blank query parameters X-Git-Tag: v1.7.0~572 X-Git-Url: http://www.git.stargrave.org/?a=commitdiff_plain;h=5ef37f4a13e2be711ef074dc2cd9994005273117;p=public-inbox.git www: do not warn on blank query parameters Sometimes users (or bots) may lead queries with '&' and trigger uninitialized variable warnings, just ignore them and give consumers a $ctx->{qp}->{''} entry. While we're in the area, pass a regexp rather than scalar string to the `split' perlop to prevent Perl from recompiling the regexp on every call. --- diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm index 8f4bfd0f..841a7e85 100644 --- a/lib/PublicInbox/WWW.pm +++ b/lib/PublicInbox/WWW.pm @@ -50,10 +50,9 @@ sub call { %{$ctx->{qp}} = map { utf8::decode($_); tr/+/ /; - my ($k, $v) = split('=', $_, 2); - $v = uri_unescape($v // ''); + my ($k, $v) = split(/=/, $_, 2); # none of the keys we care about will need escaping - $k => $v; + ($k // '', uri_unescape($v // '')) } split(/[&;]+/, $env->{QUERY_STRING}); my $path_info = path_info_raw($env); diff --git a/t/psgi_search.t b/t/psgi_search.t index d59e439b..5bdd66ed 100644 --- a/t/psgi_search.t +++ b/t/psgi_search.t @@ -88,6 +88,10 @@ test_psgi(sub { $www->call(@_) }, sub { is($res->code, 200, 'successful search result'); is_deeply([], $warn, 'no warnings from non-numeric comparison'); + $res = $cb->(GET('/test/?&q=s:test')); + is($res->code, 200, 'successful search result'); + is_deeply([], $warn, 'no warnings from black parameter'); + $res = $cb->(POST('/test/?q=s:bogus&x=m')); is($res->code, 404, 'failed search result gives 404'); is_deeply([], $warn, 'no warnings');