os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Allow '/' in the search filter so that people can search for stuff like

Browse source 
'games/robotfindskitten'.

PR:		www/104131
Reviewed by:	simon
This commit is contained in:
Ceri Davies 2006-10-08 17:00:12 +00:00
parent 4174f40071
commit ed46521e4b
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/www/; revision=28815
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
en/cgi/query-pr-summary.cgi
View file

@ -1,5 +1,5 @@
#!/usr/bin/perl -T #!/usr/bin/perl -T
# $FreeBSD: www/en/cgi/query-pr-summary.cgi,v 1.55 2006/09/12 21:53:18 danger Exp $ # $FreeBSD: www/en/cgi/query-pr-summary.cgi,v 1.56 2006/09/24 13:34:55 danger Exp $
$html_mode = 1 if $ENV{'DOCUMENT_ROOT'}; $html_mode = 1 if $ENV{'DOCUMENT_ROOT'};
$self_ref = $ENV{'SCRIPT_NAME'}; $self_ref = $ENV{'SCRIPT_NAME'};
@ -276,14 +276,14 @@ foreach ('category', 'originator', 'priority', 'class', 'responsible',
# Check if the arguments provided by user are secure. # Check if the arguments provided by user are secure.
# This is required to be able to run this script in # This is required to be able to run this script in
# taint mode (perl -T) # taint mode (perl -T)
if ($input{$_} =~ /^([-^'\[\]\@\s\w.]+)$/) { if ($input{$_} =~ /^([-^'\/\[\]\@\s\w.]+)$/) {
$d = $1; $d = $1;
$d =~ s/^"(.*)"$/$&/; $d =~ s/^"(.*)"$/$&/;
$d =~ s/'/\\'/; $d =~ s/'/\\'/;
$query_args .= " --${_}='$d'"; $query_args .= " --${_}='$d'";
} else { } else {
print "Insecure data in ${_}! Ignoring this filter.<br />". print "Insecure data in ${_}! Ignoring this filter.<br />".
"Only alphanumeric characters and ', -, [, ], ^, @ are allowed."; "Only alphanumeric characters and ', /, -, [, ], ^, @ are allowed.";
} }
} }
} }