[ic] Two patches to Page.pm related to AllowRemoteSearch

Greg Sabino Mullane greg at endpoint.com
Thu Feb 18 04:08:53 UTC 2010

While I was looking over the AllowRemoteSearch code in Page.pm, 
I came across what I believe are two bugs. I've committed them 
to github.

1. Make log output for AllowRemoteSearch violations much more useful

The first is that the "Security violation" message that appears 
in the log for non AllowRemoteSearch validated files is incorrect, and 
shows an empty string and a ref (e.g. ARRAY(0xdeadbeef) instead 
of the file name and the contents of AllowRemoteSearch. Patch:


2. In do_search, look for illegal files regardless of how $c arrives

The second is a problem in do_search, in that AllowRemoteSearch is not 
checked via _check_search_file if $c comes into the do_search sub as 
a hash (as it can, at least in my testing on an older version of IC).
I moved the check outside the "make it a hash if not" bit. Patch:


Greg Sabino Mullane greg at endpoint.com
End Point Corporation
PGP Key: 0x14964AC8
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: <http://www.icdevgroup.org/pipermail/interchange-users/attachments/20100217/028ec317/attachment.pgp>

More information about the interchange-users mailing list