From 897d8644c52572fc475ce4061b265acbdbee15f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?= <f@miniflux.net>
Date: Wed, 19 Jan 2022 21:18:12 -0800
Subject: [PATCH] Fix incorrect conversion between integer types

---
 http/request/params.go | 16 +++++++++++++++-
 ui/form/settings.go    |  2 +-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/http/request/params.go b/http/request/params.go
index 5f83aa4b..3c5849ca 100644
--- a/http/request/params.go
+++ b/http/request/params.go
@@ -72,7 +72,21 @@ func QueryStringParamList(r *http.Request, param string) []string {
 
 // QueryIntParam returns a query string parameter as integer.
 func QueryIntParam(r *http.Request, param string, defaultValue int) int {
-	return int(QueryInt64Param(r, param, int64(defaultValue)))
+	value := r.URL.Query().Get(param)
+	if value == "" {
+		return defaultValue
+	}
+
+	val, err := strconv.ParseInt(value, 10, 0)
+	if err != nil {
+		return defaultValue
+	}
+
+	if val < 0 {
+		return defaultValue
+	}
+
+	return int(val)
 }
 
 // QueryInt64Param returns a query string parameter as int64.
diff --git a/ui/form/settings.go b/ui/form/settings.go
index 4305ea91..47a17b2a 100644
--- a/ui/form/settings.go
+++ b/ui/form/settings.go
@@ -74,7 +74,7 @@ func (s *SettingsForm) Validate() error {
 
 // NewSettingsForm returns a new SettingsForm.
 func NewSettingsForm(r *http.Request) *SettingsForm {
-	entriesPerPage, err := strconv.ParseInt(r.FormValue("entries_per_page"), 10, 64)
+	entriesPerPage, err := strconv.ParseInt(r.FormValue("entries_per_page"), 10, 0)
 	if err != nil {
 		entriesPerPage = 0
 	}