From 7099bc752962b3b24aaf1d4f3088873841afdf03 Mon Sep 17 00:00:00 2001
From: Darren 'Tadgy' Austin
Date: Sun, 11 Aug 2024 17:43:07 +0100
Subject: [PATCH] Don't allow non digits in l=.
---
 cgi-bin/searchapi.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cgi-bin/searchapi.cgi b/cgi-bin/searchapi.cgi
index 3f6fce7..6587970 100755
--- a/cgi-bin/searchapi.cgi
+++ b/cgi-bin/searchapi.cgi
@@ -75,8 +75,8 @@ else
 # Adjust 'QS_q' for the locate command by wrapping search elements in *.
 QS_q="*${QS_q// /* *}*"
- # Adjust 'QS_l' to not go over maximum limit of results, or use default if not supplied.
- [[ -z "$QS_l" ]] && QS_l="$DEF_RESULTS"
+ # Adjust 'QS_l' to not go over maximum limit of results, or use default if not supplied or invalid.
+ [[ -z "$QS_l" ]] || [[ ! "$QS_l" =~ ^[[:digit:]]+$ ]] && QS_l="$DEF_RESULTS"
 (( QS_l > MAX_RESULTS )) && QS_l="$MAX_RESULTS"
 # Give success status as checks have passed.
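Review bot: The digits-only test on the `QS_l` line still admits values that `(( QS_l > MAX_RESULTS ))` does not read as the decimal number the client sent: a leading zero makes bash evaluate the value as octal (and a value containing `8` or `9` after a leading zero is an arithmetic error, so the cap is skipped), and a digit string too long for a 64-bit integer wraps around, so the cap may be checked against a different number than whatever consumes `QS_l` afterwards. Bounding the length and forcing base 10 closes that, e.g. `[[ "$QS_l" =~ ^[0-9]{1,9}$ ]] && QS_l=$(( 10#$QS_l )) || QS_l="$DEF_RESULTS"`, which also makes the separate `-z` test unnecessary because an empty string already fails the pattern. The current `A || B && C` chain behaves as intended only because bash gives `||` and `&&` equal precedence; a short comment saying so, or an explicit `if`, would keep a later edit from breaking it. The enclosing `else` branch begins and ends outside the hunk, so how `QS_l` is used later is not visible here.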