[interchange-cvs] [SCM] Interchange branch, STABLE_5_4-branch, updated. c5414b37d0af69b0db1b07b2aa617b4e6f256103

Jon Jensen interchange-cvs at icdevgroup.org
Thu Sep 17 22:11:25 UTC 2009


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Interchange".

The branch, STABLE_5_4-branch has been updated
       via  c5414b37d0af69b0db1b07b2aa617b4e6f256103 (commit)
       via  00ec49f5dc4668892ed1ffe9e8cd709a51f26208 (commit)
       via  6d566b5d94745271608cbb299e882c4ae9e265bd (commit)
       via  9a0189d6ab6c26eaf3b370c9fe6083a1454573fb (commit)
       via  1e3ece6f303f49a857e28c858cbe1b5ad9893b19 (commit)
       via  4813bab2cf5a7a1a0d132180faf63f40518d01eb (commit)
       via  4bdc908780c7fa3211e7e9ace3e72e79387ddbc2 (commit)
       via  002b21c264fe320b0225fa78a17e4f687b1d76f5 (commit)
       via  0b2734429f6b46b4352c5502ae1bd5c07e250378 (commit)
       via  f8912f275b07f47c1903af83c5f15e662a2583a2 (commit)
       via  178a5c31992e06ea90143053285a104ed15115d3 (commit)
       via  c1f7147fe6813b621ef039dd1f7a01af4d3e0266 (commit)
       via  d3e3b8d6722c262743efada652c2b59ac3dffad8 (commit)
       via  9bb84ae1640dc67ef188fb1e2b1f476e5434d8b2 (commit)
       via  99b4530661181d7e74d9e6b6630f842c36c7050c (commit)
       via  a0010f8f42c578ddca130afe322b8d664234ea09 (commit)
       via  83812b0ece106f4b2ce34b15a176c1b1db60b51e (commit)
       via  09e346b31682f1d286bdf9a25c76b909e5000716 (commit)
       via  1bf2aa7c157430e3f23ceb3b699b1f9e1b1fc829 (commit)
       via  e1216e8a0fa284f42a7b40e801cdbb76df892f21 (commit)
       via  81654e457e92f04c595908ead283502e22a0f703 (commit)
      from  26b64c2e51c964e47e8a8f0bc34c3ce7e37ba7b8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c5414b37d0af69b0db1b07b2aa617b4e6f256103
Author: Jon Jensen <jon at endpoint.com>
Date:   Wed Sep 16 09:41:43 2009 -0600

    Update copyright year

commit 00ec49f5dc4668892ed1ffe9e8cd709a51f26208
Author: Jon Jensen <jon at endpoint.com>
Date:   Wed Sep 16 09:40:09 2009 -0600

    Note changes backported from master

commit 6d566b5d94745271608cbb299e882c4ae9e265bd
Author: Jon Jensen <jon at endpoint.com>
Date:   Tue Sep 1 18:02:27 2009 -0600

    Fix test failing because 12/2008 is now in the past

commit 9a0189d6ab6c26eaf3b370c9fe6083a1454573fb
Author: Jon Jensen <jon at endpoint.com>
Date:   Tue Sep 1 17:52:32 2009 -0600

    Update copyright year in Standard demo page footer

commit 1e3ece6f303f49a857e28c858cbe1b5ad9893b19
Author: Peter Ajamian <peter at pajamian.dhs.org>
Date:   Sat Aug 15 04:32:02 2009 -0700

    Don't ignore case of passed options to compile_link.
    
    compile_link was confusing the -s socketfile option with the new -S status
    because Getopt::Long ignores option case by default.  This fixes the problem by
    passing the no_ignore_case config parameter to Getopt::Long.

commit 4813bab2cf5a7a1a0d132180faf63f40518d01eb
Author: Jon Jensen <jon at endpoint.com>
Date:   Thu Jun 18 22:56:42 2009 -0600

    Remove CVV2/CSC from default credit card encrypted block template
    
    The card security code should not be stored at all, even in encrypted
    form. This makes the default behavior compliant with section 3.2.2 of
    PCI-DSS 1.2:
    
    https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf
    
    It is of course still possible to manually supply a template that
    stores the card security code in violation of PCI-DSS requirements, so
    developers should review any custom credit card encryption templates
    to make sure that the CVV2 is not included, and purge it from any
    historical data they have stored.
    
    Thanks to Mark Lipscombe for calling attention to this.

commit 4bdc908780c7fa3211e7e9ace3e72e79387ddbc2
Author: Jon Jensen <jon at endpoint.com>
Date:   Sun Nov 16 05:04:07 2008 +0000

    Fix two occasionally broken tests.
    
    Two tests of the [query] tag and built-in SQL parser relied on the results
    being returned in a particular, even though SQL's result sets are not ordered
    by default.
    
    Fixed this by specifying a sort order and setting the results to match.

commit 002b21c264fe320b0225fa78a17e4f687b1d76f5
Author: Peter Ajamian <peter at pajamian.dhs.org>
Date:   Tue Sep 15 21:34:01 2009 -0700

    Note latest commits

commit 0b2734429f6b46b4352c5502ae1bd5c07e250378
Author: Stefan Hornburg (Racke) <racke at linuxia.de>
Date:   Tue Sep 8 19:57:42 2009 +0200

    check whether directory is allowed before, not after path expansion
    (cherry picked from commit 4f17bcc6c33d2f891be2256005a835061159e9b9)
    (cherry picked from commit 09fe58fd0d7f27effb768eed428a13cf5cc222c7)

commit f8912f275b07f47c1903af83c5f15e662a2583a2
Author: Jon Jensen <jon at endpoint.com>
Date:   Tue Sep 8 09:15:14 2009 -0600

    Fix bug that didn't tolerate relative TemplateDir settings
    (cherry picked from commit 45471c43eacbf641c205a3abdd5f787d8b499347)
    (cherry picked from commit e61f8eb01f1ef8a7414caef78489b1e8653195ae)

commit 178a5c31992e06ea90143053285a104ed15115d3
Author: Jon Jensen <jon at endpoint.com>
Date:   Mon Sep 7 23:45:39 2009 -0600

    Disallow abuse of writes via ErrorFile when NoAbsolute is set
    
    Exploit reported by Peter Ajamian.
    (cherry picked from commit 9b6872cabea98440451efac8565f4050350116ef)
    (cherry picked from commit 5dd0cf2a516f8edcea9212a7191fd776916f46df)

commit c1f7147fe6813b621ef039dd1f7a01af4d3e0266
Author: Jon Jensen <jon at endpoint.com>
Date:   Mon Sep 7 23:07:31 2009 -0600

    parse_dir_array: Validate paths for NoAbsolute etc.
    (cherry picked from commit 08a1fdeb0cf66e2499844c96ab9e826857174fe3)
    (cherry picked from commit 5ec0f91820a74ccd17033af7b8ca7e9564ab0340)

commit d3e3b8d6722c262743efada652c2b59ac3dffad8
Author: Jon Jensen <jon at endpoint.com>
Date:   Mon Sep 7 23:05:24 2009 -0600

    parse_relative_dir: Use standard absolute_or_relative() check
    
    Use standard routines to check for absolute or subdirectory-escaping
    paths instead of duplicate logic here.
    
    Remove comment that's somewhat misleading since relative paths are
    absolutized all over in other routines too.
    (cherry picked from commit 7fcf35230ecfa91929165bf0129847752272576a)
    (cherry picked from 21283ad)

commit 9bb84ae1640dc67ef188fb1e2b1f476e5434d8b2
Author: Jon Jensen <jon at endpoint.com>
Date:   Mon Sep 7 23:03:18 2009 -0600

    Make sure catalog TemplateDir directives are safe when NoAbsolute is set
    (cherry picked from commit 239f9a3b19506dd2da369c3c8c047acf0f3b2d7f)

commit 99b4530661181d7e74d9e6b6630f842c36c7050c
Author: Jon Jensen <jon at endpoint.com>
Date:   Mon Sep 7 23:01:47 2009 -0600

    Set $Vend::Cat as early as possible
    
    This solves a chicken-and-egg problem for configuration-time code that
    works fine once the catalog is fully configured.
    (cherry picked from commit 74803e29a89d02d353739b9ee4f74c9db3a88938)
    (cherry picked from commit 58cb83e179000300bb5fa90e30b357a35b32c3c8)

commit a0010f8f42c578ddca130afe322b8d664234ea09
Author: Jon Jensen <jon at endpoint.com>
Date:   Tue Sep 1 19:53:25 2009 -0600

    Prevent TemplateDir from circumventing NoAbsolute constraints
    
    Problem reported by Peter Ajamian.
    (cherry picked from commit f265e8a282e61bb46a14ebfd41a842f13d96db17)
    (cherry picked from 6d618a6)

commit 83812b0ece106f4b2ce34b15a176c1b1db60b51e
Author: Jon Jensen <jon at endpoint.com>
Date:   Tue Sep 1 18:28:12 2009 -0600

    Move AllowedFileRegex from catalog into global configuration
    
    This prevents catalog-level tampering of the regular expression used for
    checking paths are allowed by NoAbsolute. It is set at startup time but
    before as a catalog configuration entry could be manipulated even in
    Safe page code.
    
    Problem reported by Peter Ajamian.
    
    (Cherry Picked from f34ce1b)

commit 09e346b31682f1d286bdf9a25c76b909e5000716
Author: Jon Jensen <jon at endpoint.com>
Date:   Tue Sep 15 17:03:24 2009 -0600

    Sync manifest

commit 1bf2aa7c157430e3f23ceb3b699b1f9e1b1fc829
Author: Jon Jensen <jon at endpoint.com>
Date:   Tue Sep 15 16:37:28 2009 -0600

    Set version to 5.4.4 for release

commit e1216e8a0fa284f42a7b40e801cdbb76df892f21
Author: Jon Jensen <jon at endpoint.com>
Date:   Tue Sep 15 16:34:43 2009 -0600

    Development switched from CVS to Git

commit 81654e457e92f04c595908ead283502e22a0f703
Author: Mark Lipscombe <markl at gasupnow.com>
Date:   Wed Jul 8 08:33:28 2009 +0000

    Fix remote disclosure security vulnerability
    
    Add new configuration option AllowRemoteSearch to selectively re-enable
    remote searches on "safe" tables. Defaults to products, variants and
    options.
    
    Please see UPGRADE for important information on upgrading your catalogs
    to prevent any problems.

-----------------------------------------------------------------------

Summary of changes and diff:
 MANIFEST                                           |    3 +-
 MANIFEST.SKIP                                      |    3 +
 Makefile.PL                                        |    4 +-
 README                                             |    8 +-
 README-DEVELOPMENT                                 |  108 ++
 README.cvs                                         |  158 --
 README.rpm-dist                                    |   12 +-
 UPGRADE                                            |  163 ++
 WHATSNEW-5.4                                       |   22 +-
 .../base_url.coretag => SystemTag/search.coretag}  |   10 +-
 configure                                          |    4 +-
 dist/standard/catalog.cfg                          |   30 +-
 dist/standard/pages/lost_password.html             |  185 ++-
 dist/standard/products/mv_metadata.asc             |    2 +-
 dist/standard/variables/COPYRIGHT                  |    2 +-
 dist/test/products/tests.asc                       | 1711 +-------------------
 lib/Vend/Config.pm                                 |   38 +-
 lib/Vend/Dispatch.pm                               |   18 +-
 lib/Vend/File.pm                                   |   16 +-
 lib/Vend/Interpolate.pm                            |    2 +-
 lib/Vend/Order.pm                                  |    1 -
 lib/Vend/Page.pm                                   |   27 +-
 lib/Vend/Scan.pm                                   |    5 +-
 lib/Vend/Util.pm                                   |   27 +-
 scripts/compile_link.PL                            |    2 +-
 scripts/interchange.PL                             |   14 +-
 26 files changed, 554 insertions(+), 2021 deletions(-)
 create mode 100644 README-DEVELOPMENT
 delete mode 100644 README.cvs
 copy code/{UI_Tag/base_url.coretag => SystemTag/search.coretag} (51%)

diff --git a/MANIFEST b/MANIFEST
index c65d658..799c83e 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -164,6 +164,7 @@ code/SystemTag/row.coretag
 code/SystemTag/salestax.coretag
 code/SystemTag/scratch.coretag
 code/SystemTag/scratchd.coretag
+code/SystemTag/search.coretag
 code/SystemTag/search_region.coretag
 code/SystemTag/selected.coretag
 code/SystemTag/set.coretag
@@ -1138,7 +1139,7 @@ Makefile.PL
 MANIFEST			This list of files
 MANIFEST.SKIP
 README
-README.cvs
+README-DEVELOPMENT
 README.debian
 README.rpm-dist
 relocate.pl
diff --git a/MANIFEST.SKIP b/MANIFEST.SKIP
index 5361fef..6e3230e 100644
--- a/MANIFEST.SKIP
+++ b/MANIFEST.SKIP
@@ -48,6 +48,9 @@ _$
 ^dist/mvmall(/|$)
 ^dist/simple(/|$)
 ^doc/.*[^d]
+^\.git(/|$)
+^\.gitignore$
+^\.gitmodules$
 ^help(/|$)
 ^lib/src/config.cache$
 ^lib/src/config.h$
diff --git a/Makefile.PL b/Makefile.PL
index 1191cd3..8b0a4e6 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -28,7 +28,7 @@ my @mods_to_get;
 my @remove_old;
 my $Lock_troubles;
 
-$VERSION = '5.4.3';
+$VERSION = '5.4.4';
 
 my @os_hints;
 eval {
@@ -154,7 +154,7 @@ sub copyright_prompt {
 
  Interchange V$VERSION
  
- Copyright (C) 2002-2005 Interchange Development Group.
+ Copyright (C) 2002-2009 Interchange Development Group.
  Copyright (C) 1996-2002 Red Hat, Inc.
  Interchange is free under the terms of the GNU General Public License.
 
diff --git a/README b/README
index 43e9478..0cc5106 100644
--- a/README
+++ b/README
@@ -2,9 +2,9 @@
 
                            I N T E R C H A N G E
 
-Interchange 5.4.3
+Interchange 5.4.4
 
-Copyright (C) 2002-2008 Interchange Development Group
+Copyright (C) 2002-2009 Interchange Development Group
 Copyright (C) 1996-2002 Red Hat, Inc.
 
 Originally based on Vend 0.2 and 0.3, copyright 1995-96 by Andrew M. Wilcox.
@@ -81,8 +81,8 @@ as an unprivileged user who will be the only one modifying Interchange files.
 
 Here is the quick installation summary:
 
-gzip -dc interchange-5.4.3.tar.gz | tar xvf -
-cd interchange-5.4.3
+gzip -dc interchange-5.4.4.tar.gz | tar xvf -
+cd interchange-5.4.4
 perl Makefile.PL
 make
 make test
diff --git a/README-DEVELOPMENT b/README-DEVELOPMENT
new file mode 100644
index 0000000..cb54f6d
--- /dev/null
+++ b/README-DEVELOPMENT
@@ -0,0 +1,108 @@
+------------------------------------------------------------------------------
+
+                   Tracking Interchange development in Git
+
+------------------------------------------------------------------------------
+
+If you don't want to wait for an official release, you can use Git to follow
+the latest Interchange development.
+
+WARNING: There may be bugs introduced at any time! Thoroughly test any changes
+before incorporating. Better yet, don't use Git changes for anything but
+fixing relevant bugs, and run the latest stable release.
+
+
+Browse Git tree online
+----------------------
+
+To browse the Interchange Git repository online, visit:
+
+http://git.icdevgroup.org/interchange/
+
+
+Clone a local copy
+------------------
+
+See instructions on cloning and working with a local Git working copy at:
+
+http://www.icdevgroup.org/i/dev/download
+
+
+Make a distribution tar file
+----------------------------
+
+It's best to build a distribution tar file to install from, rather than
+installing straight from your Git working copy. To do so:
+
+	$ cd interchange
+	$ perl Makefile.PL nocopy
+	Writing Makefile for Interchange
+	$ make tardist
+    # much output ...
+	$ ls interch*.tar.gz
+	interchange-5.7.1.tar.gz
+
+
+Unpack and install
+------------------
+
+Unpack the tar file and install as normal. See the README file and other
+documentation for help. You should already be familiar with the Interchange
+developer website at:
+
+	http://www.icdevgroup.org/
+
+Make sure you don't put your Git working copy at $HOME/interchange
+and then install on top of it, since $HOME/interchange is the default
+install directory.
+
+
+Updating
+--------
+
+Follow development discussions by joining the interchange-announce and
+interchange-users mailing lists.
+
+Keep track of ongoing code changes by joining the interchange-cvs mailing
+list, or watching the interchange/interchange repository in GitHub.
+
+In many cases, the major differences in the distribution will be easily
+updateable. You can copy any changed files directly to these library
+directories:
+
+	lib/Vend    (and all subdirectories)
+	lib/UI      (and all subdirectories)
+
+You should check the files:
+
+	catalog_after.cfg     (infrequently updated)
+	catalog_before.cfg    (frequently updated)
+	interchange.cfg.dist  (infrequently updated)
+	usertag/*             (infrequently updated)
+
+Finally, you should check differences in the bin/* files. While they
+are not as frequently updated as the lib/* files, they do change. Run
+diffs against the source files in scripts/*.PL, or do another install
+to a blank directory and do a diff to that.
+
+
+Keeping the catalog in sync
+---------------------------
+
+If you are patterning your order methods after one of the template
+catalogs, you will want to check the products/*.txt and products/*.asc
+files for changes. In particular, mv_metadata.asc is used to format
+and present quite a few things in the user interface. You may have
+to merge the databases, but there is an automated admin UI facility
+that can help you do this.
+
+
+Troubleshooting
+---------------
+
+If you get a complaint that a "file is not found" when trying to do a
+'make tardist' or 'make dist', that means your MANIFEST file is out of
+sync with the current codebase. Just do:
+
+	rm MANIFEST
+	make manifest
diff --git a/README.cvs b/README.cvs
deleted file mode 100644
index af5119d..0000000
--- a/README.cvs
+++ /dev/null
@@ -1,158 +0,0 @@
-------------------------------------------------------------------------------
-
-                   Tracking Interchange development in CVS
-
-------------------------------------------------------------------------------
-
-If you don't want to wait for an official release, you can use anonymous
-CVS to follow the latest Interchange development.
-
-WARNING: There may be bugs introduced at any time! Thoroughly test any
-changes before incorporating. Better yet, don't use CVS changes for
-anything but fixing present bugs, and run the latest release.
-
-
-Check out a local copy
-----------------------
-
-You need to have CVS installed on your system, to begin with. It
-comes pre-installed on most free Unix-like systems if you selected
-the development tools at install time. See http://www.cvshome.org/
-for download locations if you don't have it.
-
-If you are already an experienced CVS user, the information is:
-
-	CVSROOT   :pserver:cvs at cvs.icdevgroup.org:/var/cvs
-	password  (none)
-	module    interchange
-
-If you are not experienced with CVS, it is still easy to get going by
-following these steps. First, choose a place to put the local copy you're
-going to check out. A good choice is somewhere in your home directory,
-probably a src/ subdirectory:
-
-	$ cd
-	$ mkdir src
-	$ cd src
-	$ cvs -z3 -d :pserver:cvs at cvs.icdevgroup.org:/var/cvs checkout -P interchange
-
-It will take a while, as there are several megabytes of files to download.
-
-
-Make a distribution tar file
-----------------------------
-
-If it is your first time installing Interchange from the CVS, you will want
-to make a distribution tar file:
-
-	$ cd interchange
-	$ perl Makefile.PL nocopy
-	Writing Makefile for Interchange
-	$ make tardist
-	/usr/local/bin/perl -I/YOUR/PERL/LIB -MExtUtils::Manifest=manicopy,maniread \
-	-e "manicopy(maniread(),'interchange-4.9.x', 'best');"
-	mkdir interchange-5.0.0
-	mkdir interchange-5.0.0/dist
-	....
-	$ ls interch*.tar.gz
-	interchange-5.0.0.tar.gz
-
-
-Unpack and install
-------------------
-
-Unpack the tar file and install as normal. See the README file and other
-documentation for help. You should already be familiar with the Interchange
-developer website at:
-
-	http://www.icdevgroup.org/
-
-Make sure you don't check out your CVS copy into $HOME/interchange
-and then install on top of it, since $HOME/interchange is the default
-install directory.
-
-
-Checking for differences
-------------------------
-
-If you want to see how your current working files compare to the versions
-you checked out from the repository, cd into your checked out CVS copy and
-do:
-
-	cvs diff | more
-
-
-Updating
---------
-
-To update the distribution, change to your checked out CVS directory
-(e.g. src/interchange), then run:
-
-	$ cvs update -Pd
-	U MANIFEST
-	U WHATSNEW
-	....
-
-In many cases, the major differences in the distribution will be easily
-updateable. You can copy any changed files directly to these library
-directories:
-
-	lib/Vend    (and all subdirectories)
-	lib/UI      (and all subdirectories)
-
-You should check the files:
-
-	catalog_after.cfg     (infrequently updated)
-	catalog_before.cfg    (frequently updated)
-	interchange.cfg.dist  (infrequently updated)
-	usertag/*             (infrequently updated)
-
-Finally, you should check differences in the bin/* files. While they
-are not as frequently updated as the lib/* files, they do change. Run
-diffs against the source files in scripts/*.PL, or do another install
-to a blank directory and do a diff to that.
-
-
-Keeping the catalog in sync
----------------------------
-
-If you are patterning your order methods after one of the template
-catalogs, you will want to check the products/*.txt and products/*.asc
-files for changes. In particular, mv_metadata.asc is used to format
-and present quite a few things in the user interface. You may have
-to merge the databases, but there is an automated admin UI facility
-that can help you do this.
-
-
-Troubleshooting
----------------
-
-If you get a complaint that a "file is not found" when trying to do a
-'make tardist' or 'make dist', that means your MANIFEST file is out of
-sync with the current codebase. Just do:
-
-	rm MANIFEST
-	make manifest
-
-
-More on CVS
------------
-
-It is highly recommended that you create a .cvsrc file in your home
-directory to automatically use common options such as these:
-
-	cvs -z3 -q
-	diff -u
-	update -Pd
-	checkout -P
-
-This directs CVS to (1) automatically compress all data communicated
-between you and our server (saving bandwidth) and be quiet (printing
-out fewer diagnostic messages); (2) show context-sensitive diffs;
-(3) prune empty directories and create any new directories added to
-the repository since your checkout; and (4) prune empty directories
-during your checkouts.
-
-Please see the CVS website for complete documentation:
-
-	http://www.cvshome.org/
diff --git a/README.rpm-dist b/README.rpm-dist
index 5fbf236..0552648 100644
--- a/README.rpm-dist
+++ b/README.rpm-dist
@@ -31,7 +31,7 @@ the Interchange user ID to write/create files.
 
 Sessions and temporary files: /var/cache/interchange.
 
-Documentation: /usr/share/doc/interchange-5.4.3.
+Documentation: /usr/share/doc/interchange-5.4.4.
 
 On a dedicated production server, it is wise to segregate as many of these
 directories as possible onto their own partitions, to prevent problems if
@@ -45,7 +45,7 @@ usually come supplied with your operating system, so you will need to
 install them yourself. It's best to locate RPMs for each of the needed
 Perl modules and install them. To get a complete list of dependencies, do:
 
-rpm -qp --requires interchange-5.4.3-1.i386.rpm
+rpm -qp --requires interchange-5.4.4-1.i386.rpm
 
 Note that some of the dependencies are not actually necessary. For example,
 the Cybercash modules (CCMck*) are only needed if you use the Cybercash
@@ -82,14 +82,14 @@ This is unfortunate but is considered the best workaround at the moment.
 
 INSTALL
 
-rpm -Uvh interchange-5.4.3-1.i386.rpm
-rpm -Uvh interchange-standard-5.4.3-1.i386.rpm
+rpm -Uvh interchange-5.4.4-1.i386.rpm
+rpm -Uvh interchange-standard-5.4.4-1.i386.rpm
 
 Your version of RPM may correctly recognize Perl modules even if they
 were not installed via RPM. But it may not. If not, you'll need to install
 the main interchange package without dependency checking:
 
-rpm -Uvh --nodeps interchange-5.4.3-1.i386.rpm
+rpm -Uvh --nodeps interchange-5.4.4-1.i386.rpm
 
 
 STARTING/RESTARTING INTERCHANGE
@@ -149,7 +149,7 @@ installation:
 
 INSTALL
 
-rpm -Uvh interchange-standard-demo-5.4.3-1.i386.rpm
+rpm -Uvh interchange-standard-demo-5.4.4-1.i386.rpm
 
 
 USING THE DEMO
diff --git a/UPGRADE b/UPGRADE
index 46b4745..d17c67c 100644
--- a/UPGRADE
+++ b/UPGRADE
@@ -21,6 +21,12 @@ Interchange is designed to be drop-in compatible in its major version.
           facing side should be fairly straightforward to port. See
           "UPGRADING FROM 4.6.x" below.
 
+ ALL VERSIONS -- A security vulnerability has been found that allows
+          remote searching of any table in your database configured in
+          Interchange.  To fix this vulnerability, you may need to 
+          make some adjustments to your catalog.  See "REMOTE SEARCHING"
+          below.
+
 INSTALLING INTERCHANGE IN THE SAME LOCATION
 --------------------------------------------
 
@@ -320,3 +326,160 @@ Interchange:
     UserTags, UI_Tag etc.)  The message is only a warning as your local UserTag
     will override the global one.  If you didn't mean to override the global
     tag of the same name then simply rename your tag and restart Interchange.
+
+
+REMOTE SEARCHING
+----------------
+
+A security vulnerability was recently discovered where any table configured
+in your Interchange installation could be viewed remotely by an unauthenticated
+user via a specially crafted search request.
+
+This is a serious vulnerability, and all previous versions of Interchange are
+affected. Even if you do not use the default search structure, your catalog
+is likely to still be vulnerable.
+
+To resolve this, a new configuration option, AllowRemoteSearch has been
+introduced. It should be specified in each catalog configuration, and defaults
+to:
+
+     AllowRemoteSearch products variants options
+
+Any table specified in this option will be remotely searchable, and you should
+not permit any table with sensitive information to be searched in this way. You
+should carefully consider the implications of adding any further tables to this
+configuration option.
+
+Remote searches may be used by your existing catalog. These should continue
+working without any changes as long as they only search tables that are permitted
+by the AllowRemoteSearch configuration. You should carefully examine your
+catalog for uses of the "search" form action, or pages which submit a form to
+a page called "search" or "scan". If they specify a search file other than
+products, variants or options, you should consider rewriting that page to just
+accept the search terms via CGI parameters, and not the entire search. Please
+consult the documentation on in page searches at:
+
+     http://www.icdevgroup.org/doc/icdatabase.html#In-Page%20Searches
+
+If your catalog makes use of ActionMaps that perform searches, these should
+continue to work as intended as long as they search a table allowed by 
+AllowRemoteSearch. However, you should consider updating them to use the 
+new "search" tag.  For example, an existing ActionMap that performs a search
+like this:
+
+   ActionMap old_cat <<EOR
+   sub {
+        my ($action, $class) = split('/', shift);
+
+        $class =~ s/_/ /g;
+
+        # Originally, search parameters were placed in the CGI hash.
+        $CGI->{co} = 1;
+        $CGI->{fi} = 'products';
+        $CGI->{st} = 'db';
+        $CGI->{sf} = 'category';
+        $CGI->{se} = "$class";
+        $CGI->{sp} = 'results';
+        $CGI->{tf} = 'category,description:f';
+        $CGI->{op} = 'eq';
+
+        $CGI->{mv_todo} = 'search';
+        $CGI->{mv_nextpage} = 'results';
+        # And the "update" tag was called to re-evaluate the page with
+        # the provided search parameters.
+        $Tag->update('process');
+        return 1;
+   }
+   EOR
+
+Would be updated to instead look like this:
+
+   ActionMap new_cat <<EOR
+   sub {
+        my ($action, $class) = split('/', shift);
+
+        $class =~ s/_/ /g;
+
+        # Now, you must create a hash to hold the search
+        # parameters.
+        my $search;
+        $search->{co} = 1;
+        $search->{fi} = 'products';
+        $search->{st} = 'db';
+        $search->{sf} = 'category';
+        $search->{se} = "$class";
+        $search->{sp} = 'results';
+        $search->{tf} = 'category,description:f';
+        $search->{op} = "eq";
+
+        $CGI->{mv_nextpage} = 'results';
+        # And call the new search tag, which isn't subject to the
+        # AllowRemoteSearch restrictions.
+        $Tag->search({ search => $search });
+
+        return 1;
+   }
+   EOR
+
+If you are using a modern version of the standard catalog as the basis
+for your catalog, there is a special subroutine that provides friendly
+URLs for product categories, but is not a traditional ActionMap.  Similar
+to the example above, you will need to alter your catalog.cfg, replacing
+the entire Sub ncheck_category with:
+
+Sub ncheck_category <<EOS
+sub {
+    my ($name) = @_;
+    return unless $name =~ m{^[A-Z]};
+    $name =~ s,_, ,g;
+    my ($prod_group, $category) = split m{/}, $name;
+
+    my $search;
+    $search->{co} = 1;
+    $search->{fi} = 'products';
+    $search->{st} = 'db';
+    $search->{sf} = join "\0", 'prod_group', 'category';
+    $search->{op} = join "\0", 'eq', 'eq';
+    $search->{se} = join "\0", $prod_group, $category;
+    $search->{sp} = 'results';
+    $search->{mv_todo} = 'search';
+    $Tag->search({ search => $search });
+    if (($o = $Search->{''}) && @{$o->{mv_results}}) {
+        return (1,  $Config->{Special}->{results});
+    }
+
+    return;
+}
+EOS
+
+In the standard and foundation catalogs, the "lost password" feature makes use
+of the remote search feature to be able to retrieve lost passwords. We recommend
+that you remove catalog/pages/query/get_password.html from your catalog, and
+replace catalog/pages/lost_password.html with an updated version from this
+distribution. As an alternative, you may apply the following patch to your
+existing catalog/pages/query/get_password.html:
+
+diff --git a/dist/standard/pages/query/get_password.html
+b/dist/standard/pages/query/get_password.html
+index 2d70c84..5aa51f1 100644
+--- a/dist/standard/pages/query/get_password.html
++++ b/dist/standard/pages/query/get_password.html
+@@ -32,8 +32,10 @@ ui_template_name: leftonly
+        if( $Scratch->{tried_pw_retrieve}++ > 10 ) {
+                return "No way, Jos&eacute;. Too many times.";
+        }
+     $CGI->{mv_todo} = 'search';
+        $Config->{NoSearch} = '';
++       push(@{$Config->{AllowRemoteSearch}},'userdb');
++       return;
+ [/perl]
+ [update process]
+ [search-region]
+
+This is not a recommended solution, and is only a workaround until you can
+consider the changes in the updated lost password page.
+
+If you do not wish to upgrade your Interchange installation to fix this
+vulnerability, patches for all currently supported Interchange versions are
+also available from http://www.icdevgroup.org/. You will still need to
+follow the upgrade advice contained here.
diff --git a/WHATSNEW-5.4 b/WHATSNEW-5.4
index 744e814..4ba8573 100644
--- a/WHATSNEW-5.4
+++ b/WHATSNEW-5.4
@@ -5,14 +5,34 @@
 
 ------------------------------------------------------------------------------
 
+See UPGRADE document for a list of incompatible changes.
+
+
+Interchange 5.4.4 released on 2009-09-17.
 
-Interchange 5.4.4 not yet released.
 
 Core
 ----
 
+* Close remote disclosure security vulnerability, and added new configuration
+  option AllowRemoteSearch to selectively re-enable remote searches on "safe"
+  tables. Defaults to products, variants and options.
+
+  Please see UPGRADE for important information on upgrading your
+  catalogs to prevent any problems.
+
 * Update broken getppid() detection for Perl 5.10.0.
 
+* Make sure catalog TemplateDir and ErrorFile directives are safe when
+  NoAbsolute is set.
+
+* Fix some unit tests.
+
+* Fix compile_link problem with newer version of Getopt::Long.
+
+* Remove CVV2/CSC from default credit card encrypted block template for
+  PCI-DSS compliance.
+
 Standard demo
 -------------
 
diff --git a/code/UI_Tag/base_url.coretag b/code/SystemTag/search.coretag
similarity index 51%
copy from code/UI_Tag/base_url.coretag
copy to code/SystemTag/search.coretag
index 5e75543..0b0413b 100644
--- a/code/UI_Tag/base_url.coretag
+++ b/code/SystemTag/search.coretag
@@ -1,11 +1,11 @@
-# Copyright 2002-2007 Interchange Development Group and others
+# Copyright 2002-2009 Interchange Development Group and others
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.  See the LICENSE file for details.
-# 
-# $Id: base_url.coretag,v 1.3.2.1 2007-03-31 00:20:14 pajamian Exp $
 
-UserTag base-url Version $Revision: 1.3.2.1 $
-UserTag base-url Routine sub { return $Vend::Cfg->{VendURL} }
+UserTag search              Order        search
+UserTag search              addAttr
+UserTag search              Version      $Revision: 1.5 $
+UserTag search              MapRoutine   Vend::Page::do_search
diff --git a/configure b/configure
index 2e73d6a..acdccfd 100755
--- a/configure
+++ b/configure
@@ -1,12 +1,10 @@
 #!/bin/sh
 
-# $Id: configure,v 2.21.2.3 2008-11-12 05:25:44 jon Exp $
-
 cat <<EOF
 
  Interchange
 
- Copyright 2002-2008 Interchange Development Group (http://www.icdevgroup.org/)
+ Copyright 2002-2009 Interchange Development Group (http://www.icdevgroup.org/)
  Copyright 1996-2002 Red Hat, Inc.
 
  Interchange was originally based on Vend 0.2 and 0.3
diff --git a/dist/standard/catalog.cfg b/dist/standard/catalog.cfg
index 1b506c3..40a196f 100644
--- a/dist/standard/catalog.cfg
+++ b/dist/standard/catalog.cfg
@@ -453,17 +453,6 @@ sub {
 }
 EOR
 
-# Allow customers to have their passwords emailed to them.
-ActionMap  get_password   <<EOR
-sub {
-	$Config->{NoSearch} = '';
-	$CGI->{mv_nextpage} = $CGI->{mv_search_page} = 'action/get_password';
-	$CGI->{mv_todo} = 'search';
-	$Tag->update('process');
-	return 1;
-}
-EOR
-
 # Pricing setup
 #
 # If the user is logged in and is marked as a "dealer" (1 in the dealer
@@ -658,15 +647,16 @@ sub {
     $name =~ s,_, ,g;
     my ($prod_group, $category) = split m{/}, $name; 
 
-    $CGI->{co} = 1;
-    $CGI->{fi} = 'products';
-    $CGI->{st} = 'db';
-    $CGI->{sf} = join "\0", 'prod_group', 'category';
-    $CGI->{op} = join "\0", 'eq', 'eq';
-    $CGI->{se} = join "\0", $prod_group, $category;
-    $CGI->{sp} = 'results';
-    $CGI->{mv_todo} = 'search';
-    $Tag->update('process');
+    my $search;
+    $search->{co} = 1;
+    $search->{fi} = 'products';
+    $search->{st} = 'db';
+    $search->{sf} = join "\0", 'prod_group', 'category';
+    $search->{op} = join "\0", 'eq', 'eq';
+    $search->{se} = join "\0", $prod_group, $category;
+    $search->{sp} = 'results';
+    $search->{mv_todo} = 'search';
+    $Tag->search({ search => $search });
     if (($o = $Search->{''}) && @{$o->{mv_results}}) {
         return (1,  $Config->{Special}->{results});
     }
diff --git a/dist/standard/pages/lost_password.html b/dist/standard/pages/lost_password.html
index c057eb5..9f31e76 100644
--- a/dist/standard/pages/lost_password.html
+++ b/dist/standard/pages/lost_password.html
@@ -3,7 +3,7 @@ ui_template: Yes
 ui_template_name: leftonly
 [/comment]
 
-[tmp page_title]__COMPANY__ -- [L]Lost your password?[/L][/tmp]
+[tmp page_title]__COMPANY__ -- [L LOST_PASSWORD_TITLE]Lost your username or password?[/L][/tmp]
 
 [control reset=1]
 
@@ -22,10 +22,97 @@ ui_template_name: leftonly
 <!-- BEGIN CONTENT -->
 
 <br>
-
+<table width="80%">
+<tr><td __HEADERBG__>
+    <font size="+1" color="__HEADERTEXT__">[L LOST_PASSWORD_TITLE]Lost your username or password?[/L]</font>
+    </td>
+</tr></table>
+<br/>
+
+[if cgi lost_email]
+[or cgi lost_username]
+[perl]
+	if( $Scratch->{tried_pw_retrieve}++ > 10 ) {
+		$Tmp->{not_ok} = 1;
+		return '<font color="red">' . errmsg("Too many failed attempts.") . '</font>';
+	}
+	$Config->{NoSearch} = '';
+	return;
+[/perl]
+
+[loop search="
+	co=yes
+	st=db
+	fi=userdb
+	rf=username,password,email
+	sf=email
+	se=[cgi lost_email]
+	op=em
+	sf=username
+	se=[cgi lost_username]
+	op=em
+	os=yes" 
+]
+[tmp get_id_matches][loop-param username][/tmp]
+[/loop]
+
+[if value mv_search_match_count > 1]
+[msg arg.0='<a href="[area contact]">' arg.1='</a>']Please %scontact us%s to assist you with the retrieval of your account details.[/msg]
+[tmp get_id_matches][/tmp]
+[/if]
+[if value mv_search_match_count == 0]
 <table width="95%" align="center">
 <tr>
   <td>
+   <table width="80%">
+    <tr>
+     <td>
+<font color="red">[msg arg.0='<a href="[area contact]">' arg.1='</a>']Sorry, we did not find a match for the provided details. Please try again, or %scontact us%s for assistance.[/msg]</font>
+     </td>
+    </tr>
+   </table>
+  </td>
+ </tr>
+</table>
+[tmp not_ok]1[/tmp]
+<br/>
+[/if]
+
+[if scratch get_id_matches]
+[tmp name=id_ok][/tmp]
+[tmp name=id_ok interpolate=1][loop arg="[scratch get_id_matches]"][email
+                 to="[loop-data userdb email]"
+		 subject="[L]Your login information[/L]"
+		 from="__COMPANY__ [L]password minder[/L] <__EMAIL_SERVICE__>"
+		 reply="__EMAIL_SERVICE__"] 
+
+[L GET_PASSWORD_MSG1]Hello! You requested that your ID and password be sent to your email address of record. The information is[/L]:
+  
+[L]Username[/L]:  [loop-code]
+[L]Password[/L]:  [data table=userdb col=password key="[loop-code]" safe-data=1]
+
+[L]You can log in at[/L]:
+[area login]
+
+[L GET_PASSWORD_MSG2]Please contact us if we can be of service, and thank you for doing business with us.[/L]
+[/email][/loop][/tmp]
+
+[if !scratch id_ok]
+[msg arg.0='<a href="[area contact]">' arg.1='</a>']Please %scontact us%s to assist you with the retrieval or your account details.[/msg]
+[else]
+[L]An e-mail with your credentials has been sent.[/L]
+<br/><br/>
+[L LOST_PASSWORD_SHORTNOTE]If you do not receive an email within the next 24 hours after submission, please <a href="[area contact]">contact us</a> for further assistance.[/L]
+<br/><br/>
+[L LOST_PASSWORD_NOTE_AOL]<b>Note:</b> If you are using email filter options that help reduce spam, please make sure you allow e-mail to be sent to you from __EMAIL_SERVICE__[/L]
+[/else] 
+[/if] 
+[/if]
+[/if]
+
+[if scratch not_ok]
+[or cgi lost_email eq '']
+[and cgi lost_username eq '']
 
 	[if session failure]
 
@@ -35,70 +122,50 @@ ui_template_name: leftonly
     [/if]
 
 
-<FORM METHOD="POST" ACTION="[area query/get_password]">
+<table width="95%" align="center">
+<tr>
+  <td>
+<form method="post" action="@@MV_PAGE@@">
 [form-session-id]
-<INPUT TYPE=hidden NAME=mv_coordinate VALUE=yes>
-<INPUT TYPE=hidden NAME=mv_searchtype VALUE=db>
-<INPUT TYPE=hidden NAME=mv_search_file VALUE=userdb>
-
-<INPUT TYPE=hidden NAME=mv_search_field VALUE=fname>
-<INPUT TYPE=hidden NAME=mv_search_field VALUE=lname>
-<INPUT TYPE=hidden NAME=mv_search_field VALUE=email>
-<INPUT TYPE=hidden NAME=mv_search_field VALUE=zip>
-<INPUT TYPE=hidden NAME=mv_substring_match VALUE=no>
-<INPUT TYPE=hidden NAME=mv_substring_match VALUE=no>
-<INPUT TYPE=hidden NAME=mv_substring_match VALUE=no>
-<INPUT TYPE=hidden NAME=mv_substring_match VALUE=yes>
-<INPUT TYPE=hidden NAME=mv_column_op VALUE=rm>
-<INPUT TYPE=hidden NAME=mv_column_op VALUE=rm>
-<INPUT TYPE=hidden NAME=mv_column_op VALUE=rm>
-<INPUT TYPE=hidden NAME=mv_column_op VALUE=rm>
-<TABLE WIDTH=80%>
-<TR><TD __HEADERBG__>
-    <FONT SIZE="+1" COLOR="__HEADERTEXT__">[L]Lost your customer ID?[/L]</FONT>
-    </TD>
-</TR></TABLE>
-<BLOCKQUOTE>
- [L]Just complete enough to ensure one match.[/L]
-</BLOCKQUOTE>
-<TABLE WIDTH=80%>
-<TR>
-	<TD ALIGN=RIGHT>
-	[L]First Name[/L]
-	</TD>
- 	<TD><INPUT NAME="mv_searchspec" TYPE="text" SIZE="24"></TD>
-</TR>
-<TR>
-	<TD ALIGN=RIGHT>
-	[L]Last Name[/L]
-	</TD>
-	<TD><INPUT NAME="mv_searchspec" TYPE="text" SIZE="24"></TD>
-</TR>
-<TR>
-	<TD ALIGN=RIGHT>
+
+[L LOST_PASSWORD_INTRO]Please enter your username or email address to get your credentials emailed to you:[/L]
+<br/><br/>
+
+<table width="80%">
+<tr>
+	<td align="right">
+	[L]Username[/L]
+	</td>
+ 	<td><input name="lost_username" type="text" size="24"></td>
+</tr>
+<tr>
+        <td></td>
+	<td align="left"><b>[L]or[/L]</b></td>
+</tr>
+<tr>
+	<td align="right">
 	[L]Email[/L]
-	</TD>
-	<TD><INPUT NAME="mv_searchspec" TYPE="text" SIZE="24"></TD>
-</TR>
-<TR>
-	<TD ALIGN=RIGHT>
-	[L]Zip Code[/L]
-	</TD>
-	<TD><INPUT NAME="mv_searchspec" TYPE="text" SIZE="24"></TD>
-
-</TR>
-<TR>
-	<TD ALIGN=RIGHT>&nbsp;</TD>
+	</td>
+	<td><input name="lost_email" type="text" size="24"></td>
+</tr>
+<tr>
+	<td align="right">&nbsp;</td>
 	
-	<TD><INPUT TYPE=SUBMIT VALUE="[L]Submit[/L]"><INPUT TYPE="reset"></TD>
-</TR>
-</TABLE>
-</FORM>
+	<td><br/><input type="submit" value="[L]Submit[/L]"><input type="reset"></td>
+</tr>
+</table>
+</form>
+[L LOST_PASSWORD_NOTE]If you do not remember neither your username nor your email address you used upon registration, or if you do not receive an email within the next 24 hours after submission, please <a href="[area contact]">contact us</a> for further assistance.[/L]
+<br/><br/>
+[L LOST_PASSWORD_NOTE_AOL]<b>Note:</b> If you are using email filter options that help reduce spam, please make sure you allow e-mail to be sent to you from __EMAIL_SERVICE__[/L]
 
   </td>
 </tr>
 </table>
+[/if]
+<br/><br/>
+<br/><br/>
 
 <!-- END CONTENT -->
-
 @_LEFTONLY_BOTTOM_@
+
diff --git a/dist/standard/products/mv_metadata.asc b/dist/standard/products/mv_metadata.asc
index 8341fe7..3356a99 100644
--- a/dist/standard/products/mv_metadata.asc
+++ b/dist/standard/products/mv_metadata.asc
@@ -279,7 +279,7 @@ transactions::auth_code	text	16								Authorization
 transactions::deleted	yesno									Deleted
 transactions::order_id	text	32								Order ID
 transactions::status	select							pending=Pending, shipped=Shipped, partial=Partially shipped, backorder=Back ordered, waiting=Waiting for payment, credit=Waiting for credit check, canceled=Canceled					nullselect
-ui-version										5.4.3
+ui-version										5.4.4
 ui_component::mv_metadata	table								ui_component			mv_metadata								{'ui_data_fields' => "=Main

code
label
default
type
width
height
options
filter

=Database lookup

lookup
field
db

=Help and misc

help
help_url
prepend
append
pre_filter",'table_width' => "80%",'left_width' => "30%",}
 ui_component::mv_metadata::append	textarea	60	5							Append HTML	<SMALL>HTML to be appended to the widget.
Will substitute in the macros _UI_TABLE_, _UI_COLUMN_,
_UI_KEY, and _UI_VALUE_, and will resolve relative links
with absolute links.</SMALL>
 ui_component::mv_metadata::attribute	text	20								Column name	Do not set this.
diff --git a/dist/standard/variables/COPYRIGHT b/dist/standard/variables/COPYRIGHT
index d3713ab..d290ad1 100644
--- a/dist/standard/variables/COPYRIGHT
+++ b/dist/standard/variables/COPYRIGHT
@@ -2,6 +2,6 @@
     [if variable MV_DEMO_MODE]
       <p>[page admin/index][L]Admin[/L]</a></p>
     [/if]
-	<p style="font-size: 10px; color: #000000">Portions copyright 2002-2006 ICDEVGROUP, freely redistributable under GPL</p>
+	<p style="font-size: 10px; color: #000000">Portions copyright 2002-2009 Interchange Development Group, freely redistributable under GPL</p>
   </div>
 
diff --git a/dist/test/products/tests.asc b/dist/test/products/tests.asc
index 741b21c..84cff83 100644
--- a/dist/test/products/tests.asc
+++ b/dist/test/products/tests.asc
@@ -257,9 +257,9 @@ Fly-list tag
 %%%
 000020
 %%
-[sql query="select artist from products where category like 'Americana'" tolerant-like=1][sql-param artist] [/sql]
+[query list=1 sql="select artist from products where category like 'Americana' order by artist" tolerant-like=1][sql-param artist] [/query]
 %%
-Grant Wood The Art Store Jean Langan
+Grant Wood Jean Langan The Art Store
 %%
 
 %%
@@ -269,9 +269,9 @@ Grant Wood The Art Store Jean Langan
 %%%
 000021
 %%
-[sql query="select * from products where category like '%Americana%'"][sql-field artist] [/sql]
+[query list=1 sql="select * from products where category like '%Americana%' order by artist desc"][sql-field artist] [/query]
 %%
-Grant Wood The Art Store Jean Langan
+The Art Store Jean Langan Grant Wood
 %%
 
 %%
@@ -1253,11 +1253,11 @@ ERROR
 %%%
 000086
 %%
-[if validcc 5959595959595959 mc 12/08]OK[else]ERROR[/else][/if] 1.
-[if validcc 5959595959595958 mc 12/08]ERROR[else]OK[/else][/if] 2.
+[if validcc 5959595959595959 mc 12/18]OK[else]ERROR[/else][/if] 1.
+[if validcc 5959595959595958 mc 12/18]ERROR[else]OK[/else][/if] 2.
 [if validcc 5959595959595959 mc 12/94]ERROR[else]OK[/else][/if] 3.
-[if type=validcc term=5959595959595959 op="mc" comp=12/08]OK[else]ERROR[/else][/if] 1.
-[if type=validcc term=5959595959595958 op=mc comp=12/08]ERROR[else]OK[/else][/if] 2.
+[if type=validcc term=5959595959595959 op="mc" comp=12/18]OK[else]ERROR[/else][/if] 1.
+[if type=validcc term=5959595959595958 op=mc comp=12/18]ERROR[else]OK[/else][/if] 2.
 [if type=validcc term=5959595959595959 op=mc comp=12/94]ERROR[else]OK[/else][/if] 3.
 %%
 OK
@@ -2835,1698 +2835,3 @@ The NOT expected result.
 
 %%
 Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
-%%%
-999999
-%%
-[the test] [perl]
-# Make this come out right
-return 'The expected result as a regex.';
-[/perl]
-%%
-The expected result as a regex.
-%%
-The NOT expected result.
-%%
-
-%%
-Skeleton test.
diff --git a/lib/Vend/Config.pm b/lib/Vend/Config.pm
index 4a15c7b..2bb2984 100644
--- a/lib/Vend/Config.pm
+++ b/lib/Vend/Config.pm
@@ -52,7 +52,7 @@ use Vend::File;
 use Vend::Data;
 use Vend::Cron;
 
-$VERSION = substr(q$Revision: 2.188.2.4 $, 10);
+$VERSION = '2.188.2.4';
 
 my %CDname;
 my %CPname;
@@ -596,6 +596,7 @@ sub catalog_directives {
 	['FileDatabase',	 undef,				 ''],
 	['RequiredFields',   undef,              ''],
 	['NoSearch',         'wildcard',         'userdb'],
+	['AllowRemoteSearch',    'array_complete',     'products variants options'],
 	['OrderCounter',	 undef,     	     ''],
 	['MimeType',         'hash',             ''],
 	['AliasTable',	 	 undef,     	     ''],
@@ -992,6 +993,8 @@ sub config {
 	my($catalog, $dir, $confdir, $subconfig, $existing, $passed_file) = @_;
 	my($d, $parse, $var, $value, $lvar);
 
+	$Vend::Cat = $catalog;
+
 	if(ref $existing eq 'HASH') {
 #::logDebug("existing=$existing");
 		$C = $existing;
@@ -3434,12 +3437,20 @@ sub set_default_search {
 		},
 		ProductFiles => \&set_default_search,
 		VendRoot => sub {
+			my $cat_template_dirs = $C->{TemplateDir} || [];
+			if ($Global::NoAbsolute) {
+				for (@$cat_template_dirs) {
+					if (absolute_or_relative($_) and ! /^$C->{VendRoot}/) {
+						config_error("TemplateDir path %s is prohibited by NoAbsolute", $_);
+					}
+				}
+			}
 			my @paths = map { quotemeta $_ }
 							$C->{VendRoot},
-							@{$C->{TemplateDir} || []},
+							@$cat_template_dirs,
 							@{$Global::TemplateDir || []};
 			my $re = join "|", @paths;
-			$C->{AllowedFileRegex} = qr{^($re)};
+			$Global::AllowedFileRegex->{$C->{CatalogName}} = qr{^($re)};
 			return 1;
 		},
 		Autoload => sub {
@@ -3699,29 +3710,28 @@ sub parse_root_dir_array {
 sub parse_dir_array {
 	my($var, $value) = @_;
 	return [] unless $value;
+
+	unless (allowed_file($value)) {
+		config_error('Path %s not allowed in %s directive',
+					  $value, $var);
+	}
 	$value = "$C->{VendRoot}/$value"
 		unless file_name_is_absolute($value);
 	$value =~ s./+$..;
+
 	$C->{$var} = [] unless $C->{$var};
 	my $c = $C->{$var} || [];
 	push @$c, $value;
 	return $c;
 }
 
-# Prepend the CatalogRoot pathname to the relative directory specified,
-# unless it already starts with a leading /.
-
 sub parse_relative_dir {
 	my($var, $value) = @_;
 
-	config_error(
-	  "No leading / allowed if NoAbsolute set. Contact administrator.\n"
-	  )
-	  if file_name_is_absolute($value) and $Global::NoAbsolute;
-	config_error(
-	  "No leading ../.. allowed if NoAbsolute set. Contact administrator.\n"
-	  )
-	  if $value =~ m#^\.\./.*\.\.# and $Global::NoAbsolute;
+	if (absolute_or_relative($value)) {
+		config_error('Path %s not allowed in %s directive',
+					  $value, $var);
+	}
 
 	$C->{Source}{$var} = $value;
 
diff --git a/lib/Vend/Dispatch.pm b/lib/Vend/Dispatch.pm
index e70dc65..e814563 100644
--- a/lib/Vend/Dispatch.pm
+++ b/lib/Vend/Dispatch.pm
@@ -1,8 +1,6 @@
 # Vend::Dispatch - Handle Interchange page requests
 #
-# $Id: Dispatch.pm,v 1.60.2.3 2007-03-30 12:15:27 pajamian Exp $
-#
-# Copyright (C) 2002-2005 Interchange Development Group
+# Copyright (C) 2002-2009 Interchange Development Group
 # Copyright (C) 2002 Mike Heins <mike at perusion.net>
 #
 # This program was originally based on Vend 0.2 and 0.3
@@ -26,7 +24,7 @@
 package Vend::Dispatch;
 
 use vars qw($VERSION);
-$VERSION = substr(q$Revision: 1.60.2.3 $, 10);
+$VERSION = '1.60.2.3';
 
 use POSIX qw(strftime);
 use Vend::Util;
@@ -731,16 +729,17 @@ sub run_in_catalog {
 	my $dir;
 	my @itl;
 	if($job) {
-		my ($d, $global_dir, $tmp);
 		my @jobdirs = ([$jobscfg->{base_directory} || 'etc/jobs', 0]);
 
 		if ($jobscfg->{use_global}) {
 			push (@jobdirs, ["$Global::ConfDir/jobs", 1]);
 		}
 
+		my $global_dir;
 		for my $r (@jobdirs) {
-#::logGlobal("check directory=$d for $job");
+			my $d;
 			($d, $global_dir) = @$r;
+#::logGlobal("check directory=$d for $job");
 			next unless $d;
 			next unless -d "$d/$job";
 			$dir = "$d/$job";
@@ -748,9 +747,10 @@ sub run_in_catalog {
 		}
 
 		if($dir) {
+			my $tmp;
 			if ($global_dir) {
-				$tmp = $Vend::Cfg->{AllowedFileRegex};
-				$Vend::Cfg->{AllowedFileRegex} = qr{^$dir};
+				$tmp = $Global::AllowedFileRegex->{$cat};
+				$Global::AllowedFileRegex->{$cat} = qr{^$dir};
 			}
 			
 			my @f = glob("$dir/*");
@@ -762,7 +762,7 @@ sub run_in_catalog {
 			}
 
 			if ($global_dir) {
-				$Vend::Cfg->{AllowedFileRegex} = $tmp;
+				$Global::AllowedFileRegex->{$cat} = $tmp;
 			}
 		}
 	}
diff --git a/lib/Vend/File.pm b/lib/Vend/File.pm
index 68b118c..043b31b 100644
--- a/lib/Vend/File.pm
+++ b/lib/Vend/File.pm
@@ -1,8 +1,6 @@
 # Vend::File - Interchange file functions
 #
-# $Id: File.pm,v 2.21.2.1 2007-03-30 12:15:27 pajamian Exp $
-# 
-# Copyright (C) 2002-2005 Interchange Development Group
+# Copyright (C) 2002-2009 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
 #
 # This program was originally based on Vend 0.2 and 0.3
@@ -55,7 +53,7 @@ use File::Path;
 use File::Copy;
 use subs qw(logError logGlobal);
 use vars qw($VERSION @EXPORT @EXPORT_OK $errstr);
-$VERSION = substr(q$Revision: 2.21.2.1 $, 10);
+$VERSION = '2.21.2.1';
 
 sub writefile {
     my($file, $data, $opt) = @_;
@@ -188,9 +186,11 @@ sub readfile {
 		$file = $ifile;
 	}
 	else {
-		for( ".", @{$Global::TemplateDir} ) {
-			next if ! -f "$_/$ifile";
-			$file = "$_/$ifile";
+		for (".", @{$Vend::Cfg->{TemplateDir} || []}, @{$Global::TemplateDir || []}) {
+			my $candidate = "$_/$ifile";
+			log_file_violation($candidate), next if ! allowed_file($candidate);
+			next if ! -f $candidate;
+			$file = $candidate;
 			last;
 		}
 	}
@@ -657,7 +657,7 @@ sub allowed_file {
 	$Vend::File::errstr = '';
 	if(	$Global::NoAbsolute
 			and
-		$fn !~ $Vend::Cfg->{AllowedFileRegex}
+		$fn !~ $Global::AllowedFileRegex->{$Vend::Cat}
 			and
 		absolute_or_relative($fn)
 		)
diff --git a/lib/Vend/Interpolate.pm b/lib/Vend/Interpolate.pm
index 45447ee..eac6f1d 100644
--- a/lib/Vend/Interpolate.pm
+++ b/lib/Vend/Interpolate.pm
@@ -4588,7 +4588,7 @@ sub region {
 		if($CGI::values{mv_more_matches} || $CGI::values{MM}) {
 
 			### It is a more function, we need to get the parameters
-			find_search_params();
+			find_search_params(\%CGI::values);
 			delete $CGI::values{mv_more_matches};
 		}
 		elsif ($opt->{search}) {
diff --git a/lib/Vend/Order.pm b/lib/Vend/Order.pm
index 7f6c830..5e87ca7 100644
--- a/lib/Vend/Order.pm
+++ b/lib/Vend/Order.pm
@@ -451,7 +451,6 @@ sub build_cc_info {
 			{MV_CREDIT_CARD_TYPE}
 			{MV_CREDIT_CARD_NUMBER}
 			{MV_CREDIT_CARD_EXP_MONTH}/{MV_CREDIT_CARD_EXP_YEAR}
-			{MV_CREDIT_CARD_CVV2}
 		)) . "\n";
 
 	$cardinfo->{MV_CREDIT_CARD_TYPE} ||=
diff --git a/lib/Vend/Page.pm b/lib/Vend/Page.pm
index f8a4c86..618748b 100644
--- a/lib/Vend/Page.pm
+++ b/lib/Vend/Page.pm
@@ -164,11 +164,34 @@ sub do_page {
 	display_page();
 }
 
+sub _check_search_file {
+	my ($c) = @_;
+	my $f;
+
+	if ($c->{mv_search_file}) {
+		my(@files) = grep /\S/, split /\s*[,\0]\s*/, $c->{mv_search_file}, -1;
+		for $f (@files) {
+			unless (grep { $f eq $_ } @{$Vend::Cfg->{AllowRemoteSearch}}) {
+				::logGlobal("Security violation, trying to remote search '%s', doesn't match '%s'",
+					$_, $Vend::Cfg->{AllowRemoteSearch});
+				die "Security violation";
+			}
+		}
+	}
+}
+
 ## DO SEARCH
 sub do_search {
-	my($c) = \%CGI::values;
+	my($c) = @_;
 	::update_user();
 
+	# If search parameters not passed in via function, then safely pull them from
+	# the CGI values.
+	if (!is_hash($c)) {
+		$c = find_search_params(\%CGI::values);
+		_check_search_file($c);
+	}
+
 	if ($c->{mv_more_matches}) {
 		$Vend::Session->{last_search} = "scan/MM=$c->{mv_more_matches}";
 		$c->{mv_more_matches} =~ m/([a-zA-Z0-9])+/;
@@ -198,6 +221,8 @@ sub do_scan {
 	$Vend::ScanPassed = "scan/$path";
 	find_search_params($c,$path);
 
+	_check_search_file($c);
+
 	if ($c->{mv_more_matches}) {
 		$Vend::Session->{last_search} = "scan/MM=$c->{mv_more_matches}";
 		$Vend::More_in_progress = 1;
diff --git a/lib/Vend/Scan.pm b/lib/Vend/Scan.pm
index 51c80bf..3cdf7c2 100644
--- a/lib/Vend/Scan.pm
+++ b/lib/Vend/Scan.pm
@@ -276,10 +276,7 @@ sub create_last_search {
 sub find_search_params {
 	my($c,$param) = @_;
 	my(@args);
-	if(! $param) {
-		$c = \%CGI::values;
-	}
-	else {
+	if($param) {
 		$param =~ s/-_NULL_-/\0/g;
 		@args = split m:/:, $param;
 	}
diff --git a/lib/Vend/Util.pm b/lib/Vend/Util.pm
index 2a6fe0b..63998fb 100644
--- a/lib/Vend/Util.pm
+++ b/lib/Vend/Util.pm
@@ -1732,22 +1732,29 @@ sub logError {
 	$Vend::Errors .= $msg
 		if $Vend::Cfg->{DisplayErrors} || $Global::DisplayErrors;
 
-    eval {
-		open(MVERROR, ">> $opt->{file}")
-											or die "open\n";
-		lockfile(\*MVERROR, 1, 1)		or die "lock\n";
-		seek(MVERROR, 0, 2)				or die "seek\n";
-		print(MVERROR $msg, "\n")		or die "write to\n";
-		unlockfile(\*MVERROR)			or die "unlock\n";
-		close(MVERROR)					or die "close\n";
-    };
+    my $reason;
+    if (! allowed_file($opt->{file}, 1)) {
+        $@ = 'access';
+        $reason = 'prohibited by global configuration';
+    }
+    else {
+        eval {
+            open(MVERROR, ">> $opt->{file}")
+                                        or die "open\n";
+            lockfile(\*MVERROR, 1, 1)   or die "lock\n";
+            seek(MVERROR, 0, 2)         or die "seek\n";
+            print(MVERROR $msg, "\n")   or die "write to\n";
+            unlockfile(\*MVERROR)       or die "unlock\n";
+            close(MVERROR)              or die "close\n";
+        };
+    }
     if ($@) {
 		chomp $@;
 		logGlobal ({ level => 'info' },
 					"Could not %s error file %s: %s\nto report this error: %s",
 					$@,
 					$opt->{file},
-					$!,
+					$reason || $!,
 					$msg,
 				);
     }
diff --git a/scripts/compile_link.PL b/scripts/compile_link.PL
index 161eed8..c614e78 100644
--- a/scripts/compile_link.PL
+++ b/scripts/compile_link.PL
@@ -35,7 +35,7 @@ use Getopt::Long;
 
 use vars qw/$Self/;
 
-Getopt::Long::config(qw/permute/);
+Getopt::Long::config(qw/permute no_ignore_case/);
 
 BEGIN {
 	$::Self = {
diff --git a/scripts/interchange.PL b/scripts/interchange.PL
index f8581e9..fb1bdb7 100644
--- a/scripts/interchange.PL
+++ b/scripts/interchange.PL
@@ -1,11 +1,9 @@
 #!/usr/bin/perl -w
 ##!~_~perlpath~_~
 #
-# Interchange version 5.4.3
+# Interchange version 5.4.4
 #
-# $Id: interchange.PL,v 2.86.2.6 2008-11-12 05:25:44 jon Exp $
-#
-# Copyright (C) 2002-2008 Interchange Development Group
+# Copyright (C) 2002-2009 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
 # http://www.icdevgroup.org/
 #
@@ -143,7 +141,7 @@ use vars qw($VERSION);
 require Exporter;
 
 BEGIN {
-	$VERSION = '5.4.3';
+	$VERSION = '5.4.4';
 
 	unless ($] >= 5.006) {
 		die "Interchange $VERSION requires Perl 5.6.0 or later,\nbut you're trying to run it under Perl $]. Exiting.\n";
@@ -344,7 +342,7 @@ sub dontwarn {
 }
 
 sub version {
-	print "Interchange version $VERSION copyright 2002-2008 Interchange Development Group and others.\n";
+	print "Interchange version $VERSION copyright 2002-2009 Interchange Development Group and others.\n";
 }
 
 =head1 NAME
@@ -357,7 +355,7 @@ interchange [--options] [file]
 
 =head1 VERSION
 
-5.4.3
+5.4.4
 
 =head1 DESCRIPTION
 
@@ -1023,7 +1021,7 @@ GNU General Public License.
 
 =head1 COPYRIGHT
 
-Copyright (C) 2002-2006 Interchange Development Group
+Copyright (C) 2002-2009 Interchange Development Group
 Copyright (C) 1995-2002 Red Hat, Inc.
 All rights reserved except those granted in the license.
 


hooks/post-receive
-- 
Interchange



More information about the interchange-cvs mailing list