Skip to main content.
home | support | download

Back to List Archive

Re: New version: swish-e-1.3.2-PHRASEp.tar.gz

From: Jose Manuel Ruiz <jmruiz(at)not-real.boe.es>
Date: Mon Jun 19 2000 - 07:52:42 GMT
Hi Rainer,

Rainer.Scherg@rexroth.de wrote:
> 
> Mhh,
> 
> found a small bug, again:
> 
> file fs.c:
> 
>              sprintf(filtercmd, "%s \'%s\'",filterprog,e->filename);
>              fp = popen (filtercmd,"r");
> 
> %s in sprintf has to be quoted, so filenames like
> "file with blanks.doc" (Samba-ounts, PC/windows) will be indexed correctly.
> 
> This fix should als be applied to http.c. There may be no blanks, but
> other harmful/meta- characters to a shell. It may be a security hole.
> 
>              sprintf(filtercmd,"%s \'%s\'
> \'%s\'",filterprog,buffer,item->url);
> 

Good work!!

cu
Jose
Received on Mon Jun 19 03:58:48 2000