Hi,
Jonathan Stark <[EMAIL PROTECTED]> just pointed out as a bug report
(PR#774) that the ExternalTransport mechanism doesn't really shell escape
the URLs. So for example:
parser https "https://www.blah.com/&rm" /etc/htdig/htdig.conf
This comes from this code:
command << ' ' << _Protocol << " \"" << _URL.get() << "\" " << configFile;
He thinks we should send the URL on STDIN to the script. I said that my
initial feeling was to make this analogous to ExternalParser and pass it
on the command-line. (IMHO, the command-line argument also makes it easier
to debug the script itself.)
Evidently, we'd need to escape shell meta-characters because they have
higher priority than the quotes.
So I think this requires some feedback--do we want to switch to passing in
the URL on the STDIN, or do we want to shell-escape all the
meta-characters?
-Geoff
------------------------------------
To unsubscribe from the htdig3-dev mailing list, send a message to
[EMAIL PROTECTED]
You will receive a message to confirm this.
