[ic] AllowRemoteSearch

Peter peter at pajamian.dhs.org
Thu Feb 18 23:17:18 UTC 2010

On 19/02/10 10:40, Greg Sabino Mullane wrote:
>>> The second is a problem in do_search, in that AllowRemoteSearch is not 
>>> checked via _check_search_file if $c comes into the do_search sub as 
>>> a hash (as it can, at least in my testing on an older version of IC).
>>> I moved the check outside the "make it a hash if not" bit. Patch:
>>> http://github.com/turnstep/interchange/commit/e6e313e46bba784347715285bd0895a7612a2b78
>> My understanding is that if it comes in as a hash then it's not a remote
>> search and so it doesn't have to use the same strict checks as it
>> otherwise would.  In fact this change will break the new [search] tag
>> which is designed to replace remote searches in a safe manner.
> Okay, thanks, I suspected something like that might have been the case. 
> For the record, this was found when patching a very old version (5.3!), 
> which I was able to access "access" until I moved the check outside 
> that block. I appreciate you taking the time to look over the patch.

Access it in what way?  Were you able to craft a URL that showed the
data in the table on the results page?


More information about the interchange-users mailing list