Improve query string parsing.

2 files changed, 11 insertions, 21 deletions

diff --git a/README.txt b/README.txt
index 5745bb8..5f799c4 100644
--- a/README.txt
+++ b/README.txt
@@ -16,3 +16,6 @@ Checking CGI script errors in chroot:
 
 # chroot /var/www/ htdocs/www.asciimx.com/cgi-bin/find.cgi
 
+Search Perl deps:
+
+# pkg_add p5-HTML-Escape
diff --git a/cgi-bin/find.cgi b/cgi-bin/find.cgi
index ff243c8..f3f68f5 100644
--- a/cgi-bin/find.cgi
+++ b/cgi-bin/find.cgi
@@ -1,31 +1,18 @@
 #!/usr/bin/perl
 
+use Encode qw(decode_utf8);
+
 use File::Find;
+use HTML::Escape qw(escape_html);
 
-sub escape_html {
-    my $str = shift;
-    $str =~ s/&/&/g;
-    $str =~ s/</&lt;/g;
-    $str =~ s/>/&gt;/g;
-    $str =~ s/"/&quot;/g;
-    $str =~ s/'/&#39;/g;
-    return $str;
-}
+my $search_text = '';
 
-my %params;
-if ($ENV{QUERY_STRING}) {
-    foreach my $pair (split /&/, $ENV{QUERY_STRING}) {
-        my ($key, $value) = split /=/, $pair;
-        $value =~ tr/+/ /;
-        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
-        $params{$key} = $value;
-    }
+if ($ENV{QUERY_STRING} =~ /^q=([^&]*)/) {
+    $search_text = decode_utf8($1 // "");
+    $search_text =~ s/\P{Print}//g;  # toss any non-printable utf-8 characters
+    $search_text = substr($search_text, 0, 64);
 }
 
-my $search_text = $params{'q'} || '';
-$search_text = substr($search_text, 0, 64);
-$search_text =~ s/[^a-zA-Z0-9 ]//g; 
-
 my $directory   = '../_site/log/'; 
 my @results;