From a00d460ce0dac09cb51a6e1393e24e4c133a7f57 Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Tue, 20 Aug 2024 11:29:38 -0500
Subject: [PATCH] scrub all attempts to do stupid things with page
---
 app.rb | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/app.rb b/app.rb
index 55825d25..dc420fce 100644
--- a/app.rb
+++ b/app.rb
@@ -85,6 +85,13 @@ before do
 content_type :html, 'charset' => 'utf-8'
 redirect '/' if request.post? && !csrf_safe?
 end
+
+ if params[:page]
+ params[:page] = params[:page].to_s
+ unless params[:page] =~ /^\d+$/ && params[:page].to_i > 0
+ params[:page] = '1'
+ end
+ end
 end

 after do
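Review bot: The regex in the added `unless` uses `^` and `$`, which in Ruby anchor at line boundaries rather than at the start and end of the string, so a `page` value with a digits-only first line followed by a newline and arbitrary text passes both this test and the `to_i > 0` test and stays in `params[:page]` unchanged. Anchor the whole string instead: `unless params[:page] =~ /\A\d+\z/ && params[:page].to_i > 0`. The check also sets no upper bound, so a very long digit string is accepted; whether that matters depends on how the handlers outside this hunk use the value. The `before do` block begins above the hunk.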