Namazu-users-ja(旧)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Namazu 2.0.9 was released.
菅です。
> 菅さんにもう一つだけ試して見て欲しいことがあります。たびたび
> お手数をおかけして済みません。添付の namazu-cgi-8-small を
> tests の下に置いて、
> sh -xv namazu-cgi-8-small
> とするとどうなるでしょうか。
>
> <S>という字があれば問題です。
エラーになります。
#! /bin/sh
#
# Test for cross-site scripting vulnerability
#
LOG=`pwd`/test-log
+ pwd
LOG=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/test-log
echo ' *** starting ' $0 >>$LOG
+ echo *** starting ./namazu-cgi-8-small
pwd=`pwd`
+ pwd
pwd=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests
tmprc="$pwd/../src/.namazurc"
tmprc=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/../src/.namazurc
# To make messages English
LANG= ; export LANG
LANG=
+ export LANG
unset LANGUAGE
+ unset LANGUAGE
unset LC_ALL
+ unset LC_ALL
unset LC_MESSAGES
+ unset LC_MESSAGES
cd ../src
+ cd ../src
# check "idxname"
tmprc="$pwd/../src/.namazurc"
tmprc=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/../src/.namazurc
echo "Index $pwd" > $tmprc
+ echo Index /export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests
SCRIPT_NAME='namazu.cgi'
SCRIPT_NAME=namazu.cgi
QUERY_STRING='query=namazu&idxname=idx1&idxname="<S>strike</S>'
QUERY_STRING=query=namazu&idxname=idx1&idxname="<S>strike</S>
export SCRIPT_NAME QUERY_STRING
+ export SCRIPT_NAME QUERY_STRING
# ./namazu.cgi
# RESULT=`./namazu.cgi 2>&1 | grep '<S>' | wc -l`
./namazu.cgi | grep '<S>'
+ grep <S>
+ ./namazu.cgi
namazu: /export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/NMZ.head: No such file or directory
namazu: /export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/NMZ.foot: No such file or directory
<strong>Page:</strong> <strong>[1]</strong> <a href="namazu.cgi?query=namazu&idxname=idx1&idxname="<S>strike</S>&whence=20">[2]</A> </p>
--
ADVANTEST corp.
Taiji.Can@xxxxxxxxxxxxxxxxxxx