From d70f5d3a6d1e856a12536f6191275bf3c3633b6a Mon Sep 17 00:00:00 2001
From: barnold
Date: Tue, 20 Sep 2022 10:15:59 +0100
Subject: [PATCH] Add some robustness against bogus parameters.
---
lib/MyApp/Controller/Book.pm | 37 +++++++++++++++++++++++++++++++++---
lib/MyModel/Author.pm | 1 +
2 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/lib/MyApp/Controller/Book.pm b/lib/MyApp/Controller/Book.pm
index 3ab9b66..9158b2a 100644
--- a/lib/MyApp/Controller/Book.pm
+++ b/lib/MyApp/Controller/Book.pm
@@ -5,39 +5,70 @@ use MyModel::Author; sub books ($self) { my $page_number = $self->param('page_number') // 1; + if ($page_number < 1) { + $self->redirect_to('not_found'); + return; + } my $book_model = MyModel::Book->new(rows_per_page => $self->rpp); my $book_page = $book_model->get_page( $page_number, $self->param('title_like'), ); + my $pager = $book_page->pager; + if ($page_number > $pager->last_page) { + $self->redirect_to('not_found'); + return; + } $self->render( book_page => $book_page, - pager => $book_page->pager, + pager => $pager, ); } sub authors ($self) { my $page_number = $self->param('page_number') // 1; + if ($page_number < 1) { + $self->redirect_to('not_found'); + return; + } my $author_model = MyModel::Author->new(rows_per_page => $self->rpp);; my $author_page = $author_model->get_page( $page_number, $self->param('name_like'), ); + my $pager = $author_page->pager; + if ($page_number > $pager->last_page) { + $self->redirect_to('not_found'); + return; + } $self->render( author_page => $author_page, - pager => $author_page->pager, + pager => $pager, ); } sub author ($self) { my ($id, $page_number) = ($self->param('id'), $self->param('page_number')); + if ($page_number < 1) { + $self->redirect_to('not_found'); + return; + } my ($author, $book_page) = MyModel::Author->new( rows_per_page => $self->rpp )->find_by_id($id, $page_number); + if (!defined $author) { + $self->redirect_to('not_found'); + return; + } + my $pager = $book_page->pager; + if ($page_number > $pager->last_page) { + $self->redirect_to('not_found'); + return; + } $self->render( author => $author, book_page => $book_page, - pager => $book_page->pager, + pager => $pager, ); } diff --git a/lib/MyModel/Author.pm b/lib/MyModel/Author.pm index 2b3b7ce..b584723 100644 --- a/lib/MyModel/Author.pm +++ b/lib/MyModel/Author.pm 
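Review bot: The new `$page_number < 1` guards in books, authors and author compare the raw request parameter numerically, so a value such as `2abc` or `1.5` passes the check and is handed unchanged to get_page / find_by_id. Matching the parameter against an anchored pattern instead, e.g. `if ($page_number !~ /\A[1-9][0-9]*\z/) {`, would reject everything that is not a positive integer before it reaches the model. In author the parameter has no `// 1` default, so a request without page_number is compared as undef and redirected; unless the route supplies a default, `$self->param('page_number') // 1` as in the other two actions would keep that case working. The `id` parameter in author reaches find_by_id without any format check, so the same kind of pattern test would fit there.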
@@ -21,6 +21,7 @@ sub get_page ($self, $page_number = 1, $name_like = undef) { sub find_by_id ($self, $id, $page_number = 1) { my $author = $self->schema->resultset('Author')->find({ id => $id }); + return (undef, undef) if (!defined $author); my $book_page = $author->books_rs->search( undef, { order_by => [ "me.title" ],
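Review bot: The new early return in find_by_id gives callers a `(undef, undef)` pair for an unknown id, but nothing on the sub records that, and a caller that skips the check would fail later when it calls a method on the undefined `$book_page`. A one-line comment above the sub, such as `# Returns ($author, $book_page), or (undef, undef) when no author has this id.`, would document the contract. A bare `return;` gives the same result in the list assignment the controller uses and is the more usual Perl spelling. The body of find_by_id continues past the end of the hunk.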