From 33426c1a5eaeffce0cfec317b697f3265bc522b8 Mon Sep 17 00:00:00 2001
From: aglkm <39521015+aglkm@users.noreply.github.com>
Date: Sun, 19 May 2024 17:37:54 +0300
Subject: [PATCH] Hardening search input
---
 src/main.rs | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index feb0e9a..a907f89 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -138,11 +138,12 @@ async fn kernel(kernel: &str) -> Either {
 // Handling search request.
 #[post("/search", data="")]
 fn search(input: &str) -> Either {
- // Trim 'search=' from the request data
- let input = &input[7..].to_lowercase();
-
- //Check if input is valid
- if input.is_empty() == false {
+ //Check input length
+ if input.len() > "search=".len() {
+ // Trim 'search=' from the request data
+ let input = &input[7..].to_lowercase();
+
+ // Check for valid chars
 if input.chars().all(|x| (x >= 'a' && x <= 'f') || (x >= '0' && x <= '9')) == true {
 // Block number
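Review bot: The added length check still lets `&input[7..]` panic, because it compares byte length only and never confirms that the body actually begins with `search=`. A body whose seventh byte falls inside a multi-byte UTF-8 character fails the slice's char-boundary check, and any other body longer than seven bytes is accepted with its first seven bytes silently discarded. Replacing the check and the slice with `if let Some(rest) = input.strip_prefix("search=").filter(|s| !s.is_empty()) {` followed by `let input = rest.to_lowercase();` validates the prefix, is boundary-safe, and removes the hard-coded `7` that duplicates `"search=".len()`. The body of `search` continues past the end of the hunk, so how the validated value is used afterwards is not visible here.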