[AWFFULL] awffull 3.7.1 bug with search string keywords

Steve McInerney steve at stedee.id.au
Sat May 5 16:50:48 EST 2007


Heh. That's actually quite amusing. :-)

Irritating I grant, but amusing that it just happened to coincide with a
 real HTML word.

I've logged that as a bug.
http://www.stedee.id.au/flyspray/task/10

I'm in the final prep with getting 3.7.4 out - so won't be fixed in
there. Trying to *finally* get 3.8.1-beta1 out - so would prefer not to
put a fix in there, probably 3.8.1-beta2.

Hopefully 2-4 weeks. If urgent, let me know and I'll see if I can't get
something patched together sooner.
In the meantime, I'd suggest doing a prefilter with egrep or similar to
filter the problem away?


Cheers!

- Steve


on 5/05/2007 2:36 PM Héctor Delcourt (Armonth) said the following:
> Hi! I am a Spanish user of awffull and can tell you about a bug I found
> 
> In the search string keywords report ("View All Search Strings"), the list 
> of keywords can contain unsanitized HTML.
> 
> One user searched for "<marquee for Firefox" on my site and the result is 
> that all lines below this search are "marqueed"
> 
> The solution is to sanitize all < and > with the corresponding entity: &lt; 
> and &gt;.
> 
> Greetings
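
The fix proposed in the quoted report, escaping each search string before it is written into the HTML report, as an added example that is not part of the original thread and is not AWFFull's own code; `html_escape` is a hypothetical helper. It goes beyond the `<` and `>` named in the report by also escaping `&` and both quote characters, so the value stays inert in HTML text and in quoted attribute values.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not AWFFull code): HTML-escape src into
 * dst. Returns bytes written (excluding NUL), or (size_t)-1 if dst is too
 * small. On failure dst is emptied, so a truncated entity such as "&l" can
 * never reach the report. */
size_t html_escape(const char *src, char *dst, size_t dstlen)
{
    size_t out = 0;

    if (src == NULL || dst == NULL || dstlen == 0)
        return (size_t)-1;

    for (; *src != '\0'; src++) {
        char one[2] = { *src, '\0' };   /* pass-through for safe bytes */
        const char *rep;
        size_t n;

        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        n = strlen(rep);
        if (n >= dstlen - out) {        /* need room for rep plus the NUL */
            dst[0] = '\0';
            return (size_t)-1;
        }
        memcpy(dst + out, rep, n);
        out += n;
    }
    dst[out] = '\0';
    return out;
}

int main(void)
{
    char cell[128];
    /* The search string from the report above. */
    if (html_escape("<marquee for Firefox", cell, sizeof cell) != (size_t)-1)
        printf("<td>%s</td>\n", cell);
    return 0;
}
```

Escaping at output time, where the string is written into the page, keeps the stored log data unchanged and covers every field that originates from the request (search strings, referrers, user agents, URLs).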

