[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
gnatsweb/622: bug in the storing of queries into cookies
From: |
bug-gnats |
Subject: |
gnatsweb/622: bug in the storing of queries into cookies |
Date: |
Fri, 30 Jun 2006 07:45:01 -0500 (CDT) |
>Number: 622
>Category: gnatsweb
>Synopsis: bug in the storing of queries into cookies
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jun 30 07:45:01 -0500 2006
>Originator: Stephane Chazelas <address@hidden>
>Release:
>Description:
Hi guys,
In the store_query function in gnatweb.pl, before storing the
current query string in the cookie, the empty parameters are
removed (to save space in the cookie jar), but they are removed
with: s/\w+=;//g
Which is not OK for parameters with a "-" in their name as "-"
is not matched by \w.
The result is that some parameters in the stored query end up
being corrupted, so a different query is run when you recall the
stored query.
>Fix:
--- - 2006-06-30 13:28:33.182766000 +0100
+++ /spider/gnats/bin/gnatsweb.pl 2006-06-30 13:24:15.837746000 +0100
@@ -2613,7 +2613,7 @@
# strip empty params out of $query_string. in a gnats db with many
# fields, the query-string will become very long, and may exceed the
# 4K limit for cookies.
- $query_string =~ s/\w+=;//g;
+ $query_string =~ s/[\w-]+=;//g;
if (length($query_string . $global_cookie_path .
"gnatsweb-query-$queryname") > 4050) {
# this cookie is going to be longer than 4K, so we'll have to punt
Or, maybe even better:
s/(?:^|(?<=;))[^=;]+=\s*(?:;|$)\s*//g
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- gnatsweb/622: bug in the storing of queries into cookies,
bug-gnats <=