From 955c52b5bb0a14dc7be225cb92f450e69bb88bf4 Mon Sep 17 00:00:00 2001
From: joshua stein
Date: Sun, 31 Jul 2016 12:36:28 -0500
Subject: [PATCH] clamp pagination avoids a sql error when trying to offset a huge number
---
 app/controllers/comments_controller.rb | 8 +++++---
 app/controllers/home_controller.rb | 8 +++++++-
 app/controllers/moderations_controller.rb | 9 ++++-----
 3 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index 1838008..68a05b0 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -201,9 +201,11 @@ class CommentsController < ApplicationController
 @heading = @title = "Newest Comments"
 @cur_url = "/comments"
- @page = 1
- if params[:page].to_i > 0
- @page = params[:page].to_i
+ @page = params[:page].to_i
+ if @page == 0
+ @page = 1
+ elsif @page < 0 || @page > (2 ** 32)
+ raise ActionController::RoutingError.new("page out of bounds")
 end
 @comments = Comment.where(
diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index 92484d2..88c7300 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -224,7 +224,13 @@ private
 end
 def page
- params[:page].to_i > 0 ? params[:page].to_i : 1
+ p = params[:page].to_i
+ if p == 0
+ p = 1
+ elsif p < 0 || p > (2 ** 32)
+ raise ActionController::RoutingError.new("page out of bounds")
+ end
+ p
 end
 def paginate(scope)
diff --git a/app/controllers/moderations_controller.rb b/app/controllers/moderations_controller.rb
index b15f94e..b3e5c29 100644
--- a/app/controllers/moderations_controller.rb
+++ b/app/controllers/moderations_controller.rb
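Review bot: `params[:page].to_i` on the first added line of the comments_controller.rb hunk is still called on whatever the request supplies, so the new bounds check is never reached when `page` arrives as a non-scalar value (for example `?page[]=1`, which Rails presumably parses to an Array that has no `to_i`). Such a request would likely end in a NoMethodError and a 500 rather than the intended "page out of bounds" 404. Coercing first, `@page = params[:page].to_s.to_i`, sends every malformed value through the `== 0` branch. The same call is in `page` in home_controller.rb and in `index` in moderations_controller.rb. The enclosing action starts and ends outside this hunk.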
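Review bot: The local in `page` (home_controller.rb) is named `p`, which shadows `Kernel#p` inside the method and makes the final bare `p` line read like a leftover debug print; `page_num` would be clearer. The literal `2 ** 32` is repeated in all three controllers with nothing saying why that bound was chosen, so a named constant with a comment would document it, e.g. `MAX_PAGE = 2**32 # upper bound on page so the computed OFFSET stays small enough for the database`. Because the same check is copied into comments_controller.rb and moderations_controller.rb, moving this helper into a shared parent controller would keep the three copies from drifting. Note that the bound is unrelated to how many rows exist, so in this controller and in comments_controller.rb a page far past the last one appears to still run the query rather than return a 404.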
@@ -2,13 +2,12 @@ class ModerationsController < ApplicationController
 def index
 @title = t('.moderationlogtitle')
- @page = params[:page] ? params[:page].to_i : 0
 @pages = (Moderation.count / 50).ceil
-
- if @page < 1
+ @page = params[:page].to_i
+ if @page == 0
 @page = 1
- elsif @page > @pages
- @page = @pages
+ elsif @page < 0 || @page > (2 ** 32) || @page > @pages
+ raise ActionController::RoutingError.new("page out of bounds")
 end
 @moderations = Moderation.order("id desc").limit(50).offset((@page - 1) *