#238 Identifier is not shown in title

v1.2
closed-fixed
None
3
2014-02-05
2013-06-02
No

Template.pm line 1664:

    } elsif ($who eq 'ident') {
            my $i = $HTTP->{'param'}{'_i'};
            $ret = $config->sourcerootname . ' identifier search'
                            . ($i ? ": $i" : ',');

The problem is that identifier is not shown in the title, because there is no $HTTP->{'param'}{'_i'} - it is deleted in Common.pm line 1070:

    # remove the param versions to prevent unclean versions being used
    delete $HTTP->{'param'}{'_i'};

Discussion

  • Andre-Littoz

    Andre-Littoz - 2013-06-03

    Yes, {'param'}{'_i'} is deleted to remove any XSS risk. A "safe" (but not identical) version is kept in global variable $identifier.

    The correct sequence in sub titleexpand (Template.pm) is:

    ~~~~~~~~~
    } elsif ($who eq 'ident') {
    $ret = $config->{'sourcerootname'} . ' identifier search'
    . ($identifier ? ": $identifier" : '');
    ~~~~~~~~~~~~~

    I made a "general search" for '_i' and there does not seem to exist another reference to this filtered parameter.

    Once again, thanks for reporting bugs.

    This will be fixed in upcoming 1.3.0 (or 2.0.0 depending on the amount of change -- I'm working hard on improving configuration process and integrating LXR with Nginx, Cherokee and thttpd servers).

    ajl

     
  • Andre-Littoz

    Andre-Littoz - 2013-06-03
    • status: open --> pending
    • assigned_to: Andre-Littoz
    • Priority: 5 --> 3
     
  • Andre-Littoz

    Andre-Littoz - 2013-06-03
    • status: pending --> closed
     
  • Andre-Littoz

    Andre-Littoz - 2013-06-03

    Fixed in CVS

     
  • Artem Germanov

    Artem Germanov - 2013-06-03

    At least for 1.2

    $ret = $config->{'sourcerootname'}

    doesn't work, it prints '$v' in the title, not version. I changed to

    $ret = $config->sourcerootname

    and that works fine.

     
  • Andre-Littoz

    Andre-Littoz - 2013-06-03
    • status: closed --> pending
     
  • Andre-Littoz

    Andre-Littoz - 2013-06-03

    You're right, I did not notice when I corrected; I just looked that the identifier was printed. I did that change to have a more consistent Perl syntax. $config->sourcerootname makes use of dynamic Perl features and I wanted something more static to improve performance.

    $config->sourcerootname goes through AUTOLOAD (in Config.pm). This function computes value('sourcerootname'). Function value() discovers 'sourcerootname' is a configuration parameter and then requests varexpand() on it to replace all embedded variables by their values.

    I overlooked this feature which is really needed. I'll have to check what I already changed in other parts of LXR.

    A grateful thanks to you. CPACEbO!

     
  • Andre-Littoz

    Andre-Littoz - 2013-06-05

    Variable substitution in 'sourcerootname' restored.
    Fixed in CVS

     
  • Andre-Littoz

    Andre-Littoz - 2013-06-05
    • status: pending --> closed
     
  • Andre-Littoz

    Andre-Littoz - 2013-09-24
    • status: closed --> closed-fixed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks