Namazu-users-ja(旧)


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Namazu 2.0.9 was released.



  菅です。

> 菅さんにもう一つだけ試して見て欲しいことがあります。たびたび
> お手数をおかけして済みません。添付の namazu-cgi-8-small を 
> tests の下に置いて、
> sh -xv namazu-cgi-8-small
> とするとどうなるでしょうか。
> 
> <S>という字があれば問題です。

  エラーになります。

#! /bin/sh
#
# Test for cross-site scripting vulnerability
#
LOG=`pwd`/test-log
+ pwd 
LOG=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/test-log
echo '  *** starting ' $0 >>$LOG
+ echo   *** starting  ./namazu-cgi-8-small 
pwd=`pwd`
+ pwd 
pwd=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests
tmprc="$pwd/../src/.namazurc"
tmprc=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/../src/.namazurc

# To make messages English
LANG= ; export LANG
LANG=
+ export LANG 
unset LANGUAGE
+ unset LANGUAGE 
unset LC_ALL
+ unset LC_ALL 
unset LC_MESSAGES
+ unset LC_MESSAGES 

cd ../src
+ cd ../src 

# check "idxname"
tmprc="$pwd/../src/.namazurc"
tmprc=/export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/../src/.namazurc
echo "Index $pwd" > $tmprc
+ echo Index /export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests 

SCRIPT_NAME='namazu.cgi'
SCRIPT_NAME=namazu.cgi
QUERY_STRING='query=namazu&idxname=idx1&idxname="<S>strike</S>'
QUERY_STRING=query=namazu&idxname=idx1&idxname="<S>strike</S>
export SCRIPT_NAME QUERY_STRING 
+ export SCRIPT_NAME QUERY_STRING 

# ./namazu.cgi

# RESULT=`./namazu.cgi 2>&1 | grep '<S>' | wc -l`
./namazu.cgi | grep '<S>' 
+ grep <S> 
+ ./namazu.cgi 
namazu: /export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/NMZ.head: No such file or directory
namazu: /export/home/syrinx/manager/work/Namazu/namazu-2.0.9/tests/NMZ.foot: No such file or directory
<strong>Page:</strong> <strong>[1]</strong> <a href="namazu.cgi?query=namazu&idxname=idx1&idxname=&quot;<S>strike</S>&whence=20">[2]</A> </p>
-- 

					ADVANTEST corp.
					Taiji.Can@xxxxxxxxxxxxxxxxxxx