[ic] AllowRemoteSearch
Greg Sabino Mullane
greg at endpoint.com
Thu Feb 18 21:40:28 UTC 2010
> > The second is a problem in do_search, in that AllowRemoteSearch is not
> > checked via _check_search_file if $c comes into the do_search sub as
> > a hash (as it can, at least in my testing on an older version of IC).
> > I moved the check outside the "make it a hash if not" bit. Patch:
> >
> > http://github.com/turnstep/interchange/commit/e6e313e46bba784347715285bd0895a7612a2b78
>
> My understanding is that if it comes in as a hash then it's not a remote
> search and so it doesn't have to use the same strict checks as it
> otherwise would. In fact this change will break the new [search] tag
> which is designed to replace remote searches in a safe manner.
Okay, thanks, I suspected something like that might have been the case.
For the record, this was found when patching a very old version (5.3!),
which I was able to access "access" until I moved the check outside
that block. I appreciate you taking the time to look over the patch.
--
Greg Sabino Mullane greg at endpoint.com
End Point Corporation
PGP Key: 0x14964AC8
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: <http://www.icdevgroup.org/pipermail/interchange-users/attachments/20100218/f4643827/attachment.pgp>
More information about the interchange-users
mailing list