Several server-rendered public listing pages parse searchParams.page directly with parseInt before deriving Supabase .range() offsets.
Affected pages include:
/gigs/for-hire/directory/mcp/skills/prompts/affiliates
Repro
/gigs?page=-1
/prompts?page=abc
/affiliates?page=999999999
Observed from the page code:
- negative page values can produce negative Supabase ranges,
- non-numeric values can produce
NaN ranges,
- huge values can produce runaway offsets.
Expected
Normalize page query values through a shared bounded parser before computing offsets, matching the recent API/query-helper pagination hardening.
Several server-rendered public listing pages parse
searchParams.pagedirectly withparseIntbefore deriving Supabase.range()offsets.Affected pages include:
/gigs/for-hire/directory/mcp/skills/prompts/affiliatesRepro
Observed from the page code:
NaNranges,Expected
Normalize page query values through a shared bounded parser before computing offsets, matching the recent API/query-helper pagination hardening.