fix: block single-character queries
Alan Pearce alan@alanpearce.eu
Sun, 23 Mar 2025 22:59:05 +0100
2 files changed, 7 insertions(+), 0 deletions(-)
M internal/components/search.go → internal/components/search.go
@@ -19,6 +19,7 @@ ), Input( ID("query"), Aria("labelledby", "legend"), + MinLength("2"), Name("query"), Type("search"), Value(r.Query),
M internal/server/mux.go → internal/server/mux.go
@@ -96,6 +96,12 @@ if r.URL.Query().Has("query") { qs := r.URL.Query().Get("query") + if len(qs) < 2 { + errorHandler(w, r, "Query too short", http.StatusBadRequest) + + return + } + var pageSize int = search.DefaultPageSize var pageNumber = 1 if pg := r.URL.Query().Get("page"); pg != "" {