From: Wolfgang M. M. <wol...@us...> - 2004-04-01 14:24:43
Update of /cvsroot/exist/eXist-1.0/samples/xmlrpc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23472/samples/xmlrpc Modified Files: search.pl find.rb Log Message: Security issues fixed: resources were included in the XQuery context though the user had no permission to read the resource. REST-style interface did not correctly check permissions; /db/system/users.xml could be retrieved by ordinary users. Index: find.rb =================================================================== RCS file: /cvsroot/exist/eXist-1.0/samples/xmlrpc/find.rb,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** find.rb 19 Feb 2004 16:24:07 -0000 1.1 --- find.rb 1 Apr 2004 14:12:45 -0000 1.2 *************** *** 6,10 **** # query = <<END ! for \$speech in //SPEECH[LINE &= 'tear*'] order by \$speech/SPEAKER[1] return --- 6,10 ---- # query = <<END ! for \$speech in //SPEECH[LINE &= \$query] order by \$speech/SPEAKER[1] return *************** *** 16,20 **** puts "Query: #{query}" ! outputOptions = { "encoding" => "UTF-8", "indent" => "yes" } begin --- 16,23 ---- puts "Query: #{query}" ! vars = { "query" => "adrian*" } ! outputOptions = { "encoding" => "UTF-8", "indent" => "yes", ! "variables" => vars ! } begin Index: search.pl =================================================================== RCS file: /cvsroot/exist/eXist-1.0/samples/xmlrpc/search.pl,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** search.pl 19 Feb 2004 16:24:07 -0000 1.1 --- search.pl 1 Apr 2004 14:12:45 -0000 1.2 *************** *** 10,14 **** $query = <<END; ! for \$speech in //SPEECH[LINE &= 'corrupt*'] order by \$speech/SPEAKER[1] return --- 10,14 ---- $query = <<END; ! 
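Review bot: In find.rb's second hunk the query bindings ride inside `outputOptions` next to `encoding` and `indent`, and nothing in the sample says why. A comment above `vars` such as `# bound to $query on the server as a value; the search term is never spliced into the query text` would tell readers copying the sample that this is what keeps a user-typed term from rewriting the XQuery. In the first hunk, `\$query` sits in an interpolating `<<END` heredoc whose start and end are outside the hunk. Ruby leaves a bare `$query` alone there, so the backslash looks carried over from the Perl sample; if nothing else in the heredoc needs interpolation, `<<'END'` with unescaped `$query` and `$speech` would state the intent more plainly. The same comment applies to `$vars` in search.pl.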
for \$speech in //SPEECH[LINE &= \$query] order by \$speech/SPEAKER[1] return *************** *** 16,19 **** --- 16,28 ---- END + # user-supplied variables + $vars = RPC::XML::struct->new('query' => 'corrupt*'); + # Output options + $options = RPC::XML::struct->new( + 'indent' => 'yes', + 'encoding' => 'UTF-8', + 'variables' => $vars + ); + $URL = "http://guest:guest\@localhost:8080/exist/xmlrpc"; print "connecting to $URL...\n"; *************** *** 24,28 **** $req = RPC::XML::request->new("executeQuery", RPC::XML::base64->new($query), ! "UTF-8"); $resp = process($req); $result_id = $resp->value; --- 33,37 ---- $req = RPC::XML::request->new("executeQuery", RPC::XML::base64->new($query), ! "UTF-8", $options); $resp = process($req); $result_id = $resp->value; *************** *** 34,42 **** print "Found $hits hits.\n"; - # Output options - $options = RPC::XML::struct->new( - 'indent' => 'yes', - 'encoding' => 'UTF-8'); - # Retrieve query results 1 to 10 for($i = 1; $i < 10 && $i < $hits; $i++) { --- 43,46 ---- |
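Review bot: The added comment `# user-supplied variables` in search.pl (hunk `--- 16,28 ----`) sits over a hard-coded `'corrupt*'`, so the sample never shows caller input reaching the binding. Reading the term from the command line, `$term = defined $ARGV[0] ? $ARGV[0] : 'corrupt*';`, and binding it with `'query' => RPC::XML::string->new($term)` would demonstrate the pattern the comment promises. The explicit string wrapper matters because RPC::XML::struct encodes plain scalars by guessing their type, so a numeric-looking search term would likely be sent as an int rather than a string.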