From b5e9f37450c533d7fdc5bd08f26611f7ff084f5c Mon Sep 17 00:00:00 2001
From: rr- <rr-@sakuya.pl>
Date: Thu, 14 Apr 2016 21:11:38 +0200
Subject: [PATCH] server/search: protect against weird page numbers

---
 server/szurubooru/search/search_executor.py               | 2 ++
 server/szurubooru/tests/search/test_user_search_config.py | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/server/szurubooru/search/search_executor.py b/server/szurubooru/search/search_executor.py
index 8cbd6c38..992a4a65 100644
--- a/server/szurubooru/search/search_executor.py
+++ b/server/szurubooru/search/search_executor.py
@@ -20,6 +20,8 @@ class SearchExecutor(object):
         Parse input and return tuple containing total record count and filtered
         entities.
         '''
+        page = max(1, int(page))
+        page_size = max(1, int(page_size))
         filter_query = self._prepare(session, query_text)
         entities = filter_query \
             .offset((page - 1) * page_size).limit(page_size).all()
diff --git a/server/szurubooru/tests/search/test_user_search_config.py b/server/szurubooru/tests/search/test_user_search_config.py
index c151cd55..c3a9ce84 100644
--- a/server/szurubooru/tests/search/test_user_search_config.py
+++ b/server/szurubooru/tests/search/test_user_search_config.py
@@ -134,6 +134,9 @@ class TestUserSearchExecutor(DatabaseTestCase):
         self.session.add(util.mock_user('u2'))
         self._test('', 1, 1, 2, ['u1'])
         self._test('', 2, 1, 2, ['u2'])
+        self._test('', 3, 1, 2, [])
+        self._test('', 0, 1, 2, ['u1'])
+        self._test('', 0, 0, 2, ['u1'])
 
     def test_order_by_name(self):
         self.session.add(util.mock_user('u2'))