Menu
▾
▴
Re: [Slashcode-development] Slash & Bender bug
|
From: Patrick G. <cap...@sl...> - 2001-01-02 15:09:38
|
Alessio Bragadini wrote:
>
> There is a problem in Slash if an admin has an aid including spaces or
> other "unsafe" characters: the link 'Also by' is constructed blindly
> from the aid without escaping those chars, preventing the search to work
> properly.
>
> in admin.pl:
>
> sub otherLinks {
> my $aid = shift;
> my $tid = shift;
>
> my $T = getTopic($tid);
>
> return <<EOT;
> <LI><A HREF="$I{rootdir}/search.pl?topic=$tid">More on
> $T->{alttext}</A></LI>
> <LI><A HREF="$I{rootdir}/search.pl?author=$aid">Also by $aid</A></LI>
> EOT
>
> should be something like
>
> sub otherLinks {
> my $aid = shift;
> my $esc_aid = $I{query}->escape($aid);
> my $tid = shift;
>
> my $T = getTopic($tid);
>
> return <<EOT;
> <LI><A HREF="$I{rootdir}/search.pl?topic=$tid">More on
> $T->{alttext}</A></LI>
> <LI><A HREF="$I{rootdir}/search.pl?author=$esc_aid">Also by
> $aid</A></LI>
> EOT
>
> This has been ported to Bender:
>
> plugins/Slash-Admin/dump:11:INSERT INTO templates VALUES
> ('','otherLinks','admin','default','eng','<LI><A HREF=\"[%
> constants.rootdir %]/search.pl?topic=[% tid
> %]\">More on [% topic.alttext %]</A></LI>\r\n<LI><A HREF=\"[%
> constants.rootdir
> %]/search.pl?author=[% aid %]\">Also by [% aid
> %]</A></LI>',500,'',NULL);
>
Thanks,
this can be a quick fix to main and bender by filtering the aid.
> Hope it helps
>
> --
> Alessio F. Bragadini al...@al...
> APL Financial Services http://village.albourne.com
> Nicosia, Cyprus phone: +357-2-755750
>
> "It is more complicated than you think"
> -- The Eighth Networking Truth from RFC 1925
>
> _______________________________________________
> Slashcode-development mailing list
> Sla...@li...
> http://lists.sourceforge.net/mailman/listinfo/slashcode-development
--
Patrick Galbraith Open Source Development Network
Senior Software Developer 50 Nagog Park
Slash Code Development Team Acton, MA 01720
"Energy and Persistence conquer all things".
Benjamin Franklin
|
