- Package:
- qa.debian.org
- Source:
- qa.debian.org
- Submitter:
- Moritz Naumann
- Date:
- 2021-02-19 13:27:04 UTC
- Severity:
- minor
The search / redirection http://packages.qa.debian.org/common/index.html points to may provide unexpected results in some cases. For example, put a single dot into the search box and submit the search. http://packages.qa.debian.org/common/index.html?src=. It looks like the rewrite rule is just a little bit too simple.
RewriteCond %{QUERY_STRING} ^src=(.)(.*)$
RewriteRule ^/common/index.html$ /%1/%1%2.html? [L,R,NE]
the untested fix might be:
RewriteCond %{QUERY_STRING} ^src=(.)(.+)$
RewriteRule ^/common/index.html$ /%1/%1%2.html? [L,R,NE]
(i.e. require at least two chars)
BTW, which is the minimum length for a source package name? three/four chars?
filippo
--
Filippo Giunchedi - http://esaurito.net
PGP key: 0x6B79D401
random quote follows:
I never forget a face, but in your case I'll be glad to make an exception.
-- Groucho Marx
* Moritz Naumann [Sat, 03 Jun 2006 22:24:41 +0200]: For the sake of saving everybody having to test this, which takes a while, this is the result: An error occurred while loading http://packages.qa.debian.org/common/index.html?src=.: Found a cyclic link in http://packages.qa.debian.org/..html.html.html.html.html.html (804 .html more)
* Filippo Giunchedi [Sun, 04 Jun 2006 12:03:56 +0200]: Two...
Hi, This appears to have been at least partly fixed; submitting a single character simply causes the page to reload. One can still cause a redirect loop by searching for "..", but it could be argued that's a case of GIGO. Regards, Adam
Hallo, Ich habe dir eine Mail geschickt, aber keine Antwort von dir, warum? Eddie