
Re: [ic] search error: Limit subroutine creation
Steffen Dettmer <steffen@dett.de> writes:
> * cfm@maine.com wrote on Fri, Nov 23, 2001 at 18:48 -0500:
> > On Fri, Nov 23, 2001 at 11:56:20PM +0100, Joachim Leidinger wrote:
> > > > > search error: Limit subroutine creation: Bad code: /SCSI-III (U2W/:
> > > > > unmatched () in regexp at (eval 230) line 6, <SEARCH> chunk 1.
> >
> > /SCSI-III (U2W/ <---- Oops, that last / is killing the parenthesis
> > match. Not that you want that either!
>
> I haven't checked the code, but for me it looks dangerous that
> there is no input validator putting an error before. What would
> happen when the user constructs careful search strings like
> se=x/;some_perl_code or similar?
I suppose that the search code is protected against such things.
>
> > My suggestion is that you use another category string,
> > "SCSI_III_U2W_160_LVD_Kabel" is what Squash sub would produce.
>
> This stops IC from generating non-working links, but an attacker
> could request them with faked pages of course. Do I have to care
> about such issues when developing a catalog with ITL, or is it
> safe by its concepts?
There is some possibility that users drain your databases. You
can avoid this with the NoSearch directive, which is by default
set to userdb.
Ciao
Racke
--
Die Erde bleibt keine Scheibe. --- The earth remains no disk.
For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)
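
The two inputs discussed in this message, the term with the unmatched parenthesis and the `x/;some_perl_code` string, run through a search-term validator in Perl. This is an added example, not code from the thread or from Interchange; `build_matcher`, the 100-character limit and the sample rows are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: one category string per row.
my @rows = (
    'SCSI-III (U2W/160 LVD) Kabel',
    'SCSI-II Kabel',
    'IDE Kabel',
);

# Hypothetical helper: turn a user-supplied search term into a matcher
# without ever placing the term inside Perl source text.
sub build_matcher {
    my ($term, %opt) = @_;
    return unless defined $term && length($term);
    return if length($term) > 100;    # assumed limit for this example

    my $re;
    if ($opt{literal}) {
        # \Q...\E (quotemeta) makes every metacharacter match itself.
        $re = qr/\Q$term\E/i;
    }
    else {
        # Treat the term as a pattern, but trap compile errors so a
        # malformed pattern becomes a rejected search, not a die.
        $re = eval { qr/$term/i };
        return unless defined $re;
    }
    # Closure over a compiled regex; no string eval is involved, so
    # characters such as "/" and ";" in the term are only data.
    return sub { $_[0] =~ $re };
}

for my $term ('SCSI-III (U2W', 'x/;some_perl_code') {
    for my $literal (0, 1) {
        my $label = $literal ? 'literal' : 'pattern';
        my $match = build_matcher($term, literal => $literal);
        if (!$match) {
            print "$label '$term': rejected (does not compile)\n";
            next;
        }
        my @hits = grep { $match->($_) } @rows;
        printf "%s '%s': %d hit(s)\n", $label, $term, scalar @hits;
    }
}
```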