[ic] search error: Limit subroutine creation

Steffen Dettmer interchange-users@interchange.redhat.com
Sat Nov 24 12:41:01 2001


* cfm@maine.com wrote on Fri, Nov 23, 2001 at 18:48 -0500:
> On Fri, Nov 23, 2001 at 11:56:20PM +0100, Joachim Leidinger wrote:
> > > > search error: Limit subroutine creation: Bad code: /SCSI-III (U2W/:
> > > > unmatched () in regexp at (eval 230) line 6, <SEARCH> chunk 1.
> 
> /SCSI-III (U2W/  <---- Oops, that last / is killing the parenthesis
> match.  Not that you want that either!

I haven't checked the code, but to me it looks dangerous that
there is no input validator reporting an error beforehand. What would
happen when the user carefully constructs search strings like
se=x/;some_perl_code or similar?

> My suggestion is that you use another category string,
> "SCSI_III_U2W_160_LVD_Kabel" is what Squash sub would produce.

This stops IC from generating non-working links, but an attacker
could request them with faked pages of course. Do I have to care
about such issues when developing a catalog with ITL, or is it
safe by its concepts?

oki,

Steffen

-- 
This letter was generated by machine,
and therefore bears neither signature nor seal.
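
The input check asked about in the message above, as an added example that is not part of the original post and is not Interchange's own code. It compiles a user-supplied search term with a block eval and optional quotemeta, so the term is never placed inside evaluated Perl source; compile_term, the length limit and the sample records are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample inputs: the category string from the error message,
# the string shaped like the one asked about, and the "squashed" category.
my @terms = ('/SCSI-III (U2W/', 'x/;some_perl_code', 'SCSI_III_U2W_160_LVD_Kabel');

# Constructed sample records to search.
my @records = (
    'SCSI-III (U2W/160 LVD) Kabel',
    'SCSI_III_U2W_160_LVD_Kabel',
    'IDE Kabel',
);

# Hypothetical helper: compile a user-supplied term as a regex without ever
# interpolating it into a string that is evaluated as Perl code.
# Returns (compiled_regex, undef) on success or (undef, error_text) on failure.
sub compile_term {
    my ($term, $literal) = @_;
    return (undef, 'empty or oversized term')
        if !defined $term || $term eq '' || length($term) > 128;
    # quotemeta escapes every regex metacharacter, so the term matches literally.
    my $src = $literal ? quotemeta($term) : $term;
    # Block eval only traps the regex compile error; $src is treated as a
    # pattern, not as Perl source, so "/" and ";" cannot end the expression.
    my $re = eval { qr/$src/i };
    return (undef, "rejected pattern: $@") unless defined $re;
    return ($re, undef);
}

for my $term (@terms) {
    for my $literal (0, 1) {
        my $mode = $literal ? 'literal' : 'as regex';
        my ($re, $err) = compile_term($term, $literal);
        if (defined $err) {
            $err =~ s/\s+\z//;    # drop the trailing newline from $@
            print "[$mode] '$term': $err\n";
            next;
        }
        my @hits = grep { $_ =~ $re } @records;
        printf "[%s] '%s': %d hit(s)\n", $mode, $term, scalar @hits;
    }
}
```

In "as regex" mode the unbalanced parenthesis is reported as a rejected pattern before any search runs; in "literal" mode every term compiles and is matched character for character.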