#370175 qa.debian.org: Search function/redirection may cause unexpected results

#370175#5
Date:
2006-06-03 20:24:41 UTC
From:
To:
The search / redirection
http://packages.qa.debian.org/common/index.html
points to may provide unexpected results in some cases.

For example, put a single dot into the search box and submit the search.
http://packages.qa.debian.org/common/index.html?src=.

It looks like the rewrite rule is just a little bit too simple.

#370175#10
Date:
2006-06-04 10:03:56 UTC
From:
To:
RewriteCond %{QUERY_STRING} ^src=(.)(.*)$
RewriteRule ^/common/index.html$ /%1/%1%2.html? [L,R,NE]

the untested fix might be:

RewriteCond %{QUERY_STRING} ^src=(.)(.+)$
RewriteRule ^/common/index.html$ /%1/%1%2.html? [L,R,NE]

(i.e. require at least two chars)

BTW, which is the minimum length for a source package name? three/four chars?

filippo
--
Filippo Giunchedi - http://esaurito.net
PGP key: 0x6B79D401
random quote follows:

I never forget a face, but in your case I'll be glad to make an exception.
-- Groucho Marx

#370175#15
Date:
2006-06-04 10:25:34 UTC
From:
To:
* Moritz Naumann [Sat, 03 Jun 2006 22:24:41 +0200]:

For the sake of saving everybody having to test this, which takes a
while, this is the result:

  An error occurred while loading http://packages.qa.debian.org/common/index.html?src=.:
  Found a cyclic link in http://packages.qa.debian.org/..html.html.html.html.html.html (804 .html more)

#370175#20
Date:
2006-06-04 11:26:53 UTC
From:
To:
* Filippo Giunchedi [Sun, 04 Jun 2006 12:03:56 +0200]:

Two...

#370175#25
Date:
2008-09-29 22:25:04 UTC
From:
To:
Hi,

This appears to have been at least partly fixed; submitting a single
character simply causes the page to reload. One can still cause a
redirect loop by searching for "..", but it could be argued that's a
case of GIGO.

Regards,

Adam
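
Added example, not part of the thread and not the site's actual configuration: a Python model of the /%1/%1%2.html substitution under the two RewriteCond patterns quoted above, next to a stricter pattern. The stricter pattern assumes Debian Policy's package-name syntax (lowercase letters, digits, "+", "-", ".", at least two characters, starting with an alphanumeric); the names redirect_target, compare and STRICT are hypothetical.

```python
import re

# Conditions quoted in the thread, matched against QUERY_STRING.
ORIGINAL = re.compile(r"^src=(.)(.*)$")   # rule quoted in message #10
PROPOSED = re.compile(r"^src=(.)(.+)$")   # untested fix: at least two chars
# Assumption (not from the thread): Debian Policy package-name syntax,
# lowercase letters, digits, '+', '-', '.', two or more characters,
# first character alphanumeric.
STRICT = re.compile(r"^src=([a-z0-9])([a-z0-9+.-]+)$")


def redirect_target(cond, query_string):
    """Path the RewriteRule substitution /%1/%1%2.html would produce,
    or None when the RewriteCond does not match (no redirect issued)."""
    m = cond.match(query_string)
    if m is None:
        return None
    first, rest = m.group(1), m.group(2)
    return "/{0}/{0}{1}.html".format(first, rest)


def compare(queries):
    """Map each query string to its target under all three conditions."""
    return {
        q: {
            "original": redirect_target(ORIGINAL, q),
            "proposed": redirect_target(PROPOSED, q),
            "strict": redirect_target(STRICT, q),
        }
        for q in queries
    }


if __name__ == "__main__":
    # Constructed inputs: the two from the thread plus ordinary names.
    for q, row in compare(["src=.", "src=..", "src=a", "src=dpkg"]).items():
        print(q, row)
```

A two-character minimum alone still yields a redirect target for "..", while the character-class pattern rejects both "." and ".." and leaves ordinary names such as dpkg unchanged.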

#370175#30
Date:
2021-02-19 13:25:05 UTC
From:
To:
Hello,

I sent you an email but got no reply from you. Why?

Eddie