[ic] Two patches to Page.pm related to AllowRemoteSearch
Greg Sabino Mullane
greg at endpoint.com
Thu Feb 18 04:08:53 UTC 2010
While I was looking over the AllowRemoteSearch code in Page.pm,
I came across what I believe are two bugs. I've committed them
to github.
1. Make log output for AllowRemoteSearch violations much more useful
The first is that the "Security violation" message that appears
in the log for non AllowRemoteSearch validated files is incorrect, and
shows an empty string and a ref (e.g. ARRAY(0xdeadbeef) instead
of the file name and the contents of AllowRemoteSearch. Patch:
http://github.com/turnstep/interchange/commit/3de5e8fed9bd7bb964b722f16d3ead5e7a718d7b
2. In do_search, look for illegal files regardless of how $c arrives
The second is a problem in do_search, in that AllowRemoteSearch is not
checked via _check_search_file if $c comes into the do_search sub as
a hash (as it can, at least in my testing on an older version of IC).
I moved the check outside the "make it a hash if not" bit. Patch:
http://github.com/turnstep/interchange/commit/e6e313e46bba784347715285bd0895a7612a2b78
--
Greg Sabino Mullane greg at endpoint.com
End Point Corporation
PGP Key: 0x14964AC8
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: <http://www.icdevgroup.org/pipermail/interchange-users/attachments/20100217/028ec317/attachment.pgp>
More information about the interchange-users
mailing list