Date: Sun, 8 Oct 2006 10:50:22 GMT
From: Ceri Davies <ceri@submonkey.net>
To: freebsd-www@FreeBSD.org
Subject: Re: www/104131: it's impossible to search for 'category/port' using PR web interface (http://www.freebsd.org/cgi/query-pr-summary.cgi?query) fails with
Message-ID: <200610081050.k98AoM5p005095@freefall.freebsd.org>
The following reply was made to PR www/104131; it has been noted by GNATS. From: Ceri Davies <ceri@submonkey.net> To: FreeBSD Gnats Submit <freebsd-gnats-submit@FreeBSD.org> Cc: Subject: Re: www/104131: it's impossible to search for 'category/port' using PR web interface (http://www.freebsd.org/cgi/query-pr-summary.cgi?query) fails with Date: Sun, 8 Oct 2006 11:45:24 +0100 On Sat, Oct 07, 2006 at 07:48:30PM +0000, trasz wrote: > It's impossible to search for PRs for, say, editors/vim port, by putting 'editors/vim' > into 'Text in single-line fields:' field. It complains about invalid characters in filter > and returns all the PRs in the database. Here's the patch. I don't see how it could cause a problem, but simon will probably want to look at it. Ceri Index: query-pr-summary.cgi =================================================================== RCS file: /home/dcvs/www/en/cgi/query-pr-summary.cgi,v retrieving revision 1.56 diff -u -r1.56 query-pr-summary.cgi --- query-pr-summary.cgi 24 Sep 2006 13:34:55 -0000 1.56 +++ query-pr-summary.cgi 8 Oct 2006 10:43:55 -0000 @@ -276,14 +276,14 @@ # Check if the arguments provided by user are secure. # This is required to be able to run this script in # taint mode (perl -T) - if ($input{$_} =~ /^([-^'\[\]\@\s\w.]+)$/) { + if ($input{$_} =~ /^([-^'\/\[\]\@\s\w.]+)$/) { $d = $1; $d =~ s/^"(.*)"$/$&/; $d =~ s/'/\\'/; $query_args .= " --${_}='$d'"; } else { print "Insecure data in ${_}! Ignoring this filter.<br />". - "Only alphanumeric characters and ', -, [, ], ^, @ are allowed."; + "Only alphanumeric characters and ', /,-, [, ], ^, @ are allowed."; } } }
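Review bot: The quoting in the context lines of this hunk should be fixed while the character class is being widened: `$d =~ s/'/\\'/;` has no `/g`, so only the first `'` in a value is rewritten before the value is wrapped as `--${_}='$d'` in `$query_args`, and the class still accepts `'`. Either drop `'` from the accepted set or make the substitution global; if `$query_args` ends up on a shell command line, passing the arguments as a list would remove the need for quoting altogether. The line `$d =~ s/^"(.*)"$/$&/;` replaces the match with itself, and `"` is not in the class, so it can be deleted. In the new message, `', /,-, [` is missing a space after the comma before `-`, and the text still leaves out `.`, `_` and whitespace, which the class also accepts.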