Skip to main content.
home | support | download

Back to List Archive

Re: Swish-E Phrase Search

From: Bill Moseley <moseley(at)>
Date: Fri Feb 08 2002 - 17:51:35 GMT
At 06:38 AM 02/08/02 -0800, wrote:
>Hi David,
>You do not need to change swish.h. Probably, your problems
>relays in the shell you are using. 

More likely it's a problem with the CGI script.  I don't mean to sound
alarmist, but if the CGI script is allowing shell metas to pass to the
shell, then I'd worry about security of your server.  That's a good way to
get hacked.

Hum, is that the script on the swish-e site from John Millard?  If so, it
doesn't use -w or use strict, which is not a good sign.  It doesn't use, which is the standard for CGI scripts.  Then it passes user input
($query) directly through the shell.  This is very insecure.

You also mentioned in private email to me that you just upgraded to 2.0.5.
2.1-dev is really the "new and improved" version, and I'd recommend using
it over 2.0.5.  There's a CGI script included in the 2.1-dev distribution
that doesn't have the above security flaw.

>If you work in a UNIX system
>(eg: linux) try the following:
>swish-e -w ' "this is my phrase"' -f index_file
>(single quote, double quote)
>(The single quote ensures that the double quote is not trimmed
>by the shell)
>Another possibility is:
>swish-e -w \"this is my phrase\" -f index_file
>(escaping the ")
>BTW, I am copying this message to the list. Perhaps this can
>be useful for other people.
>On 7 Feb 2002, at 15:04, David Ayres wrote:
>> Hello Jose,
>> I've been looking over some of your comments in the Swish-E discussion
>> area, and I was wondering if you could clarify something for me
>> regarding phrase searching--specifically, the delimiter switch in the
>> swish.h file.  Currently, I find that in order to get an accurate hit
>> when searching for a phrase, I have to use this syntax:
>>  '"this is a phrase"'  (i.e., a single quote, double quote, the
>>  phrase, 
>> double quote, single quote)
>> If I attempt to use just double quote marks, the target phrase does
>> come up, but also hits containing just words from the phrase and not
>> the phrase itself.  When using the syntax above, only the correct
>> phrase returns.
>> So I'm assuming I need to adjust the relevant lines in swish.h, which
>> currently read:
>> However, not being a Perl writer, I'm a little confused by the syntax.
>> <g>  Can you advise on how I'd adjust these lines to reflect using a
>> double quotation mark (") as a delimiter?
>> Thanks!
>> David Ayres
Bill Moseley
Received on Fri Feb 8 17:56:54 2002