From 7375a6b8c6ac05f79755e27afeb3062d027c37f2 Mon Sep 17 00:00:00 2001 From: Sadeep Madurange Date: Thu, 1 Jan 2026 18:33:54 +0800 Subject: Optimize search and add guards. --- cgi-bin/find.cgi | 150 +++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 95 insertions(+), 55 deletions(-) (limited to 'cgi-bin/find.cgi') diff --git a/cgi-bin/find.cgi b/cgi-bin/find.cgi index fc1d4af..3e5c8a2 100644 --- a/cgi-bin/find.cgi +++ b/cgi-bin/find.cgi @@ -1,86 +1,124 @@ #!/usr/bin/perl +use strict; +use warnings; +use Storable qw(retrieve); use Encode qw(decode_utf8); use HTML::Escape qw(escape_html); -my $search_text = ''; +# Configuration +my $max_parallel = 50; # max no. of parallel searches +my $lock_timeout = 30; # drop stale locks after this many seconds +my $max_results = 20; # max search results +my $min_query_len = 3; # min query length to avoid matching 'a', 'e' +my $index_file = 'search_index.dat'; # index file +my $lock_dir = '/tmp/search_locks'; # lock file directory + +# Concurrency control +mkdir $lock_dir, 0777 unless -d $lock_dir; +my $active_count = 0; +my $now = time(); + +opendir(my $dh, $lock_dir); +while (my $file = readdir($dh)) { + next unless $file =~ /\.lock$/; + my $path = "$lock_dir/$file"; + my $mtime = (stat($path))[9] || 0; + ( $now - $mtime > $lock_timeout ) ? unlink($path) : $active_count++; +} +closedir($dh); + +# Too many search requests +if ($active_count >= $max_parallel) { + print "Content-Type: text/html\n\n"; + render_html("

Server busy. Please try again in a few seconds.

", "", (localtime)[5]+1900); + exit; +} -if ($ENV{QUERY_STRING} =~ /^q=([^&]*)/) { +my $lock_file = "$lock_dir/$$.lock"; +open(my $fh_lock, '>', $lock_file); + +# Decode search text as utf-8, toss non-printable chars, trim +my $search_text = ''; +if (($ENV{QUERY_STRING} || '') =~ /^q=([^&]*)/) { $search_text = decode_utf8($1 // ""); - $search_text =~ s/\P{Print}//g; # toss any non-printable utf-8 characters + $search_text =~ s/\P{Print}//g; $search_text = substr($search_text, 0, 64); $search_text =~ s/^\s+|\s+$//g; } -my @results; +# Pre-prepare common template variables +my $safe_search_text = escape_html($search_text); +my $year = (localtime)[5] + 1900; -# Search only index.html files inside the first level of subdirectories -my $start_dir = '../log'; -my @files = glob("$start_dir/*/index.html"); +print "Content-Type: text/html\n\n"; -foreach my $path (@files) { - # Skip if the path is a symlink or not a file - next if -l $path || ! -f $path; +# Input validation +if ($search_text eq '') { + final_output("

Please enter a search term above.

"); +} - next unless open(my $fh, '<:utf8', $path); - my $html = do { local $/; <$fh> }; - close($fh); - - my ($text) = $html =~ m|
(.*?)
|is; - $text =~ s|<[^>]+>| |g; - $text =~ s|\s+| |g; +if (length($search_text) < $min_query_len) { + final_output("

Search term is too short. Please enter at least $min_query_len characters.

"); +} + +if (!-f $index_file) { + final_output("

Search temporarily unavailable.

"); +} - next unless $text =~ /(.{0,40})(\Q$search_text\E)(.{0,40})/is; +my $index = retrieve($index_file); +my @results; +my $found = 0; + +foreach my $url (sort keys %$index) { + last if $found >= $max_results; + my $data = $index->{$url}; + + # Grab 80 char snippet to chop at a word boundary later + next unless $data->{c} =~ /(.{0,40})(\Q$search_text\E)(.{0,40})/is; my ($before, $actual, $after) = ($1, $2, $3); + $found++; - # Trim if we cut into the middle of a sentence + # Chop at 25 or word boundary $after =~ s/\s\S*$// if length($after) > 25; $before =~ s/^.*?\s// if length($before) > 25; - if ($before =~ /\S/) { # If before has non-whitespace characters - $before = ucfirst($before); - } else { - $before = ""; # Clear any stray spaces - $actual = ucfirst($actual); - } - - my $safe_before = escape_html($before); - my $safe_actual = escape_html($actual); - my $safe_after = escape_html($after); - my $snippet = "${safe_before}${safe_actual}${safe_after}..."; + $before = ($before =~ /\S/) ? ucfirst($before) : ""; + $actual = ($before eq "") ? ucfirst($actual) : $actual; - my ($title) = $html =~ m|(.*?)|is; - my $safe_title = escape_html($title); - - $path =~ s|^\.\./||; + my $snippet = escape_html($before) . "" . escape_html($actual) . "" . escape_html($after) . "..."; push @results, { - path => $path, - title => $safe_title, + path => $url, + title => escape_html($data->{t}), snippet => $snippet }; } -print "Content-Type: text/html\n\n"; - -my $list; -if ($search_text eq '') { - $list = "

Please enter a search term above.

"; -} elsif (@results == 0) { - $list = "

No results found for \"$search_text\".

"; +# Format results list +my $list_html = ""; +if (@results == 0) { + $list_html = "

No results found for \"$safe_search_text\".

"; } else { - $list = ""; + $list_html = ""; } -my $safe_search_text = escape_html($search_text); -my $year = (localtime)[5] + 1900; +final_output($list_html); -print <<"HTML"; +# Helper to ensure layout is always preserved +sub final_output { + my ($content) = @_; + render_html($content, $safe_search_text, $year); + close($fh_lock) if $fh_lock; + unlink($lock_file) if -f $lock_file; + exit; +} + +sub render_html { + my ($content, $q_val, $yr) = @_; + print <<"HTML"; @@ -105,19 +143,21 @@ print <<"HTML";
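Review bot: The lock directory set up under `# Concurrency control` is a fixed path in `/tmp`, created with mode `0777` (subject to umask) and accepted as-is whenever `-d` is true. Any local account can therefore pre-create it or keep it filled with fresh `.lock` files so the script stays on the "Server busy" branch, and `open(my $fh_lock, '>', $lock_file)` writes to a predictable name in a directory the script does not control. `opendir` and that `open` are unchecked, and the lock is released only in `final_output`, so a `die` inside `retrieve($index_file)` leaves it counted until `$lock_timeout` passes. I would move the directory somewhere owned by the CGI user, create it `0700`, verify it with `lstat` before use, check both calls and release the lock from an `END` block, as sketched below. Separately, `retrieve` runs Storable deserialization on a relative path, so the index file should be writable only by the indexer and opened from a known absolute location.

```perl
my $lock_dir = '<PRIVATE_STATE_DIR>/search_locks';  # placeholder: directory writable only by the CGI user

# ... unchanged: other configuration values ...

# Concurrency control
mkdir $lock_dir, 0700 unless -e $lock_dir;
my @lock_dir_stat = lstat($lock_dir);
die "lock dir $lock_dir is not a private directory\n"
    unless @lock_dir_stat && -d _ && $lock_dir_stat[4] == $>
        && !($lock_dir_stat[2] & 022);

opendir(my $dh, $lock_dir) or die "opendir $lock_dir: $!";
# ... unchanged: $active_count/$now setup, stale-lock sweep, closedir, busy check ...

my $lock_file = "$lock_dir/$$.lock";
open(my $fh_lock, '>', $lock_file) or die "open $lock_file: $!";
END { unlink $lock_file if defined $lock_file }   # also runs when the script dies
```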

Search

- +
- $list + $content
HTML +} + -- cgit v1.2.3