peter at pajamian.dhs.org
Thu Feb 18 23:17:18 UTC 2010
On 19/02/10 10:40, Greg Sabino Mullane wrote:
>>> The second is a problem in do_search, in that AllowRemoteSearch is not
>>> checked via _check_search_file if $c comes into the do_search sub as
>>> a hash (as it can, at least in my testing on an older version of IC).
>>> I moved the check outside the "make it a hash if not" bit. Patch:
>> My understanding is that if it comes in as a hash then it's not a remote
>> search and so it doesn't have to use the same strict checks as it
>> otherwise would. In fact this change will break the new [search] tag
>> which is designed to replace remote searches in a safe manner.
> Okay, thanks, I suspected something like that might have been the case.
> For the record, this was found when patching a very old version (5.3!),
> which I was able to access "access" until I moved the check outside
> that block. I appreciate you taking the time to look over the patch.
Access it in what way? Were you able to craft a URL that showed the
data in the table on the results page?
More information about the interchange-users