Sometimes users (or bots) may lead queries with '&' and
trigger uninitialized variable warnings. Just ignore them
and give consumers a $ctx->{qp}->{''} entry.
While we're in the area, pass a regexp rather than scalar string
to the `split' perlop to prevent Perl from recompiling the
regexp on every call.
---
lib/PublicInbox/WWW.pm | 5 ++---
t/psgi_search.t | 4 ++++
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index 8f4bfd0f..841a7e85 100644
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -50,10 +50,9 @@ sub call {
%{$ctx->{qp}} = map {
utf8::decode($_);
tr/+/ /;
- my ($k, $v) = split('=', $_, 2);
- $v = uri_unescape($v // '');
+ my ($k, $v) = split(/=/, $_, 2);
# none of the keys we care about will need escaping
- $k => $v;
+ ($k // '', uri_unescape($v // ''))
} split(/[&;]+/, $env->{QUERY_STRING});
my $path_info = path_info_raw($env);
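Review bot: The `$k // ''` fallback in the map block is undocumented, and the surviving comment about keys not needing escaping does not explain it. An empty segment (as produced by a leading `&`) makes `split(/=/, $_, 2)` return an empty list, so `$k` is undef; I would add `# an empty segment (e.g. a leading '&') yields no key; store it under ''` above the returned pair. Since QUERY_STRING is client-controlled, any consumer that iterates over `$ctx->{qp}` instead of looking up known keys will now see the `''` key, which is worth confirming against the callers. The enclosing `sub call` starts and ends outside this hunk.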
diff --git a/t/psgi_search.t b/t/psgi_search.t
index d59e439b..5bdd66ed 100644
--- a/t/psgi_search.t
+++ b/t/psgi_search.t
@@ -88,6 +88,10 @@ test_psgi(sub { $www->call(@_) }, sub {
is($res->code, 200, 'successful search result');
is_deeply([], $warn, 'no warnings from non-numeric comparison');
+ $res = $cb->(GET('/test/?&q=s:test'));
+ is($res->code, 200, 'successful search result');
+ is_deeply([], $warn, 'no warnings from black parameter');
+
$res = $cb->(POST('/test/?q=s:bogus&x=m'));
is($res->code, 404, 'failed search result gives 404');
is_deeply([], $warn, 'no warnings');
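Review bot: The two added assertions have descriptions that will not identify a failure: `'successful search result'` repeats the description of the check just above it, and `'no warnings from black parameter'` presumably means "blank". Distinct names would help, e.g. `is($res->code, 200, 'search with leading & succeeds');` and `is_deeply([], $warn, 'no warnings from blank parameter');`. The test checks only the status code and the warning list, so it does not pin the `''` entry that the commit message promises to consumers. The enclosing test_psgi callback starts and ends outside this hunk.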