From e611886235f78ab7a25ea00438a4524e274a27bd Mon Sep 17 00:00:00 2001
From: Danny Lin <danny0838@gmail.com>
Date: Mon, 10 Apr 2023 19:33:35 +0800
Subject: [PATCH] Prevent bad input for sort: and limit:

---
 .../themes/default/templates/static_search.html  | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/webscrapbook/themes/default/templates/static_search.html b/webscrapbook/themes/default/templates/static_search.html
index 98b1b557..e982b06c 100644
--- a/webscrapbook/themes/default/templates/static_search.html
+++ b/webscrapbook/themes/default/templates/static_search.html
@@ -494,7 +494,7 @@
       error: [],
       rules: {},
       sorts: [],
-      limit: null,
+      limit: 0,
       books: {
         include: [],
         exclude: [],
@@ -523,21 +523,27 @@
         case "content":
           query.sorts.push({key: "fulltext", subkey: key, order});
           break;
-        default:
+        case "title": case "comment": case "file": case "source":
+        case "type": case "create": case "modify":
           query.sorts.push({key: "meta", subkey: key, order});
           break;
+        default:
+          addError("Invalid sort: " + key);
+          break;
       }
     };
 
     const setLimit = (value, positive) => {
       if (!positive) {
-        query.limit = null;
+        query.limit = 0;
         return; 
       }
 
-      const newValue = parseInt(value);
-      if (!Number.isNaN(newValue)) {
+      const newValue = parseInt(value, 10);
+      if (Number.isInteger(newValue)) {
         query.limit = newValue;
+      } else {
+        addError("Invalid limit: " + value);
       }
     };