From 15eef0ebdb15af80c026302bef250dc7f4417951 Mon Sep 17 00:00:00 2001 From: Alexandre Flament Date: Fri, 20 Jan 2017 18:52:47 +0100 Subject: [enh] validate input and raise an exception inside search.py. The exception message is output in json and rss format. --- searx/search.py | 66 +++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 43 insertions(+), 23 deletions(-) (limited to 'searx/search.py') diff --git a/searx/search.py b/searx/search.py index e0f0cfd6a..0bb774479 100644 --- a/searx/search.py +++ b/searx/search.py @@ -31,11 +31,16 @@ from searx.query import RawTextQuery, SearchQuery from searx.results import ResultContainer from searx import logger from searx.plugins import plugins +from searx.languages import language_codes +from searx.exceptions import SearxParameterException logger = logger.getChild('search') number_of_searches = 0 +language_code_set = set(l[0].lower() for l in language_codes) +language_code_set.add('all') + def send_http_request(engine, request_params, start_time, timeout_limit): # for page_load_time stats 
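Review bot: The comprehension that builds `language_code_set` uses `l` as its loop variable, which is easy to misread as `1`, and nothing records that the set holds lower-cased codes. A set comprehension with a clearer name reads better: `language_code_set = {code[0].lower() for code in language_codes}`. Since this set is the allow-list for the request's language parameter, a comment such as `# lower-cased allow-list of language codes (plus 'all'); compare against lower-cased input` would state the contract next to the definition.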
@@ -182,33 +187,13 @@ def default_request_params(): def get_search_query_from_webapp(preferences, form): - query = None - query_engines = [] - query_categories = [] - query_pageno = 1 - query_lang = 'all' - query_time_range = None + # no text for the query ? + if not form.get('q'): + raise SearxParameterException('q', '') # set blocked engines disabled_engines = preferences.engines.get_disabled() - # set specific language if set - query_lang = preferences.get_value('language') - - # safesearch - query_safesearch = preferences.get_value('safesearch') - - # TODO better exceptions - if not form.get('q'): - raise Exception('noquery') - - # set pagenumber - pageno_param = form.get('pageno', '1') - if not pageno_param.isdigit() or int(pageno_param) < 1: - pageno_param = 1 - - query_pageno = int(pageno_param) - # parse query, if tags are set, which change # the serch engine or search-language raw_text_query = RawTextQuery(form['q'], disabled_engines) @@ -217,6 +202,13 @@ def get_search_query_from_webapp(preferences, form): # set query query = raw_text_query.getSearchQuery() + # get and check page number + pageno_param = form.get('pageno', '1') + if not pageno_param.isdigit() or int(pageno_param) < 1: + raise SearxParameterException('pageno', pageno_param) + query_pageno = int(pageno_param) + + # get language # set specific language if set on request, query or preferences # TODO support search with multible languages if len(raw_text_query.languages): 
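Review bot: The page-number check relies on `pageno_param.isdigit()`, which is true for characters such as superscript digits that `int()` rejects, so a malformed `pageno` raises an uncaught ValueError instead of SearxParameterException. Let the conversion be the check: `try: query_pageno = int(pageno_param)` / `except ValueError: raise SearxParameterException('pageno', pageno_param)`, then reject `query_pageno < 1`. The safesearch block in the next hunk (`query_safesearch.isdigit()` followed by `int(query_safesearch)`) has the same gap. There is also no upper bound on the page number; whether the engines cap it is not visible here, so a limit at this point may be worth adding. The body of get_search_query_from_webapp continues outside this hunk.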
@@ -226,10 +218,38 @@ def get_search_query_from_webapp(preferences, form): else: query_lang = preferences.get_value('language') + # check language + if query_lang not in language_code_set: + raise SearxParameterException('language', query_lang) + + # get safesearch + if 'safesearch' in form: + query_safesearch = form.get('safesearch') + # first check safesearch + if not query_safesearch.isdigit(): + raise SearxParameterException('safesearch', query_safesearch) + query_safesearch = int(query_safesearch) + else: + query_safesearch = preferences.get_value('safesearch') + + # safesearch : second check + if query_safesearch < 0 or query_safesearch > 2: + raise SearxParameterException('safesearch', query_safesearch) + + # get time_range query_time_range = form.get('time_range') + # check time_range + if not(query_time_range is None)\ + and not (query_time_range in ['', 'day', 'week', 'month', 'year']): + raise SearxParameterException('time_range', query_time_range) + + # query_engines query_engines = raw_text_query.engines + # query_categories + query_categories = [] + # if engines are calculated from query, # set categories by using that informations if query_engines and raw_text_query.specific: -- cgit v1.2.3-54-g00ecf From 2522254fb2d44e36fe556765fb0b5c851583f05f Mon Sep 17 00:00:00 2001 From: Adam Tauber Date: Sat, 21 Jan 2017 20:13:18 +0100 Subject: [fix] search time range value check --- searx/search.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'searx/search.py') diff --git a/searx/search.py b/searx/search.py index 0bb774479..0cb53c418 100644 --- a/searx/search.py +++ b/searx/search.py 
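Review bot: Each new `raise SearxParameterException(name, value)` in this hunk carries the rejected request value unchanged (`query_lang`, `query_safesearch`, `query_time_range`), and the commit subject says the exception message is written into the JSON and RSS output. The rendering code is not part of this diff, so it should be confirmed that the value is encoded for each output format and length-limited there; otherwise the error path reflects request-chosen text into the response. A comment at the first raise would record that contract, for example `# value is untrusted request input; the error renderer must escape it`. The function continues beyond the end of this hunk.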
@@ -240,8 +240,7 @@ def get_search_query_from_webapp(preferences, form): query_time_range = form.get('time_range') # check time_range - if not(query_time_range is None)\ - and not (query_time_range in ['', 'day', 'week', 'month', 'year']): + if query_time_range not in [None, '', 'day', 'week', 'month', 'year']: raise SearxParameterException('time_range', query_time_range) # query_engines -- cgit v1.2.3-54-g00ecf From e7aa98902f531b12adc26f7d3ee8c32a2e3d6bc1 Mon Sep 17 00:00:00 2001 From: Adam Tauber Date: Sat, 21 Jan 2017 20:21:32 +0100 Subject: [fix] correct search parameter check --- searx/search.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'searx/search.py') diff --git a/searx/search.py b/searx/search.py index 0cb53c418..1da3c17a8 100644 --- a/searx/search.py +++ b/searx/search.py @@ -219,7 +219,7 @@ def get_search_query_from_webapp(preferences, form): query_lang = preferences.get_value('language') # check language - if query_lang not in language_code_set: + if query_lang.lower() not in language_code_set: raise SearxParameterException('language', query_lang) # get safesearch @@ -240,7 +240,7 @@ def get_search_query_from_webapp(preferences, form): query_time_range = form.get('time_range') # check time_range - if query_time_range not in [None, '', 'day', 'week', 'month', 'year']: + if query_time_range not in ('None', None, '', 'day', 'week', 'month', 'year'): raise SearxParameterException('time_range', query_time_range) # query_engines -- cgit v1.2.3-54-g00ecf
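Review bot: The language check now lower-cases `query_lang` only for the comparison, so the value that continues through get_search_query_from_webapp keeps the request's casing while the allow-list was matched on a different string. If later code or the engines expect the spelling used in `language_codes` (not visible in this hunk), it would be safer to use the validated form. One way is to keep a dict from lower-cased code to canonical code and assign `query_lang = canonical_codes[query_lang.lower()]` after the check. `query_lang.lower()` also assumes the preference value is always a string, which this diff does not show.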
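Review bot: Adding the string `'None'` to the accepted `time_range` values lets a truthy placeholder through the check, so `query_time_range` can leave this function as `'None'` rather than `None`. Code outside this diff that tests `if time_range:` or uses it as a lookup key would then treat it as a real range. Normalising before the check keeps the allow-list tight: `if query_time_range == 'None': query_time_range = None`, followed by `if query_time_range not in (None, '', 'day', 'week', 'month', 'year'):`. A short comment saying where the literal `'None'` comes from (presumably a form field rendered from a Python `None`) would help the next reader.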