From f121eff48b32c2da1ed009ba9985e86de905b213 Mon Sep 17 00:00:00 2001
From: bluesaxman
Date: Fri, 7 May 2021 14:50:23 -0600
Subject: [PATCH] Added ; check in cleaning function to help prevent injection attacks
---
 shomble/get.pl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/shomble/get.pl b/shomble/get.pl
index c4121ed..09e18e8 100755
--- a/shomble/get.pl
+++ b/shomble/get.pl
@@ -35,9 +35,9 @@ sub soft_die {
 sub clean_input {
 my $input = shift;
 unless ($input) { return ""; }
- if ($input =~ m!%2F!) { print "Location: /hax\r\n\r\n"; exit; }
 $input =~ s!%(..)!chr hex $1!ge;
 $input =~ s!\+! !g;
+ $input =~ s!;!\;!g; #antivaxx
 return $input;
 }
@@ -55,9 +55,9 @@ if ( "rand" eq $directive ) {
 $sth = $db->prepare('SELECT * FROM posts ORDER BY DATE DESC LIMIT 1');
 } elsif ( "range" eq $directive ) { # select range starting with lastest as 1
- my $low = $get_params[0];
- my $high = $get_params[1];
- $sth = $db->prepare('SELECT * FROM posts ORDER BY DATE DESC LIMIT '.$low.', '.$high);
+ my $start = $get_params[0];
+ my $count = $get_params[1];
+ $sth = $db->prepare('SELECT * FROM posts ORDER BY DATE DESC LIMIT '.$start.', '.$count);
 } else { # select the last 10 posts
 $sth = $db->prepare('SELECT * FROM posts ORDER BY DATE DESC LIMIT 10');
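Review bot: The added `$input =~ s!;!\;!g;` in clean_input is a no-op, because `\;` in the replacement is just `;` (Perl passes the unrecognized escape through, with a warning under `use warnings`), so the function returns `;` unchanged and the commit's injection claim does not hold. Even a working backslash-escape of `;` would not protect the `range` branch in the second hunk, where `$start` and `$count` are still concatenated into the `LIMIT` clause without ever being checked as numbers — the rename there changes nothing about that. The effective fix is to validate both values before `prepare`, e.g. `die "bad range" unless $get_params[0] =~ m{\A\d+\z} and $get_params[1] =~ m{\A\d+\z};` (or the file's soft_die if that is its purpose), or to bind them with DBI placeholders if the driver accepts them in `LIMIT`. The `#antivaxx` comment conveys nothing about intent; if the line stays it should say what it is meant to neutralize. The second hunk continues past the end of the visible diff.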