www/104131: it's impossible to search for 'category/port' using PR web interface (http://www.freebsd.org/cgi/query-pr-summary.cgi?query) fails with
Ceri Davies
ceri at submonkey.net
Sun Oct 8 03:50:23 PDT 2006
The following reply was made to PR www/104131; it has been noted by GNATS.
From: Ceri Davies <ceri at submonkey.net>
To: FreeBSD Gnats Submit <freebsd-gnats-submit at FreeBSD.org>
Cc:
Subject: Re: www/104131: it's impossible to search for 'category/port' using PR web interface (http://www.freebsd.org/cgi/query-pr-summary.cgi?query) fails with
Date: Sun, 8 Oct 2006 11:45:24 +0100
On Sat, Oct 07, 2006 at 07:48:30PM +0000, trasz wrote:
> It's impossible to search for PRs for, say, editors/vim port, by putting 'editors/vim'
> into 'Text in single-line fields:' field. It complains about invalid characters in filter
> and returns all the PRs in the database.
Here's the patch. I don't see how it could cause a problem, but simon
will probably want to look at it.
Ceri
Index: query-pr-summary.cgi
===================================================================
RCS file: /home/dcvs/www/en/cgi/query-pr-summary.cgi,v
retrieving revision 1.56
diff -u -r1.56 query-pr-summary.cgi
--- query-pr-summary.cgi 24 Sep 2006 13:34:55 -0000 1.56
+++ query-pr-summary.cgi 8 Oct 2006 10:43:55 -0000
@@ -276,14 +276,14 @@
# Check if the arguments provided by user are secure.
# This is required to be able to run this script in
# taint mode (perl -T)
- if ($input{$_} =~ /^([-^'\[\]\@\s\w.]+)$/) {
+ if ($input{$_} =~ /^([-^'\/\[\]\@\s\w.]+)$/) {
$d = $1;
$d =~ s/^"(.*)"$/$&/;
$d =~ s/'/\\'/;
$query_args .= " --${_}='$d'";
} else {
print "Insecure data in ${_}! Ignoring this filter.<br />".
- "Only alphanumeric characters and ', -, [, ], ^, @ are allowed.";
+ "Only alphanumeric characters and ', /,-, [, ], ^, @ are allowed.";
}
}
}
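Review bot: In the unchanged context of this hunk, `$d =~ s/'/\\'/;` has no `/g`, so only the first `'` in a value is escaped even though the character class accepts any number of them. Since this change widens that class, it would be worth making the substitution global (`s/'/\\'/g`) in the same commit, or dropping `'` from the class if no query needs it. The class now also accepts `.` and `/` together, so please confirm that none of the `--${_}` options treats its value as a path. Minor: the new message reads `', /,-, [` with a missing space after the comma, and it still omits whitespace and `.`, which the pattern also allows.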