11
DonXoop
Re: Search queries? for xoops search in an IE TOOLBAR

It is the wind-down for New Year so this isn't the best time to try and think.. And I haven't been watching the thread until now. You have two issues here, one is determining the correct variable names and value syntax, and then knowing if you can even pass that data without bumping into a little thing called security.

¿ Register_Globals = Off or On ?

Imagine if someone with a lot more knowledge could type something in the URL and blow up your site? Not good.

So, can you turn some debugging on and watch the action so you can see what is being passed around? Then look at the source code (Open and Free, ain't it a wonderful thing?). You can also see a lot with the Apache logs. You can learn a lot when you see it.


But to answer your question directly: Dunno. Sorry.. It is so quiet right now all around the planet if you're not out getting party.

Don't mind me, I'm just making noise where there is none...

Merry Thingamabob!


Oh yeah, you could make a structured query and do it in a link on the site or under a menu item choice, instead of a tool bar / address bar thingy.

12
wrtbooks
Re: Search queries? for xoops search in an IE TOOLBAR
  • 2004/1/2 18:34

  • wrtbooks

  • Just popping in

  • Posts: 77

  • Since: 2003/3/8 1


Quote:
Oh yeah, you could make a structured query and do it in a link on the site or under a menu item choice, instead of a tool bar / address bar thingy.

Whats dat? hmmm

Thanks for your input but I am not an expert yet.. so I will need to research a lot of what you said and get back to you.. but there is a lot of good food-for-thought here!

13
wrtbooks
Re: Search queries? for xoops search in an IE TOOLBAR
  • 2004/1/3 0:40



::bump::

14
wrtbooks
Re: Search queries? for xoops search in an IE TOOLBAR
  • 2004/1/3 18:36



Any XOOPS developers notice this thread? Is it possible to query the XOOPS 1.x search.php from a URL?

15
Mithrandir
Re: Search queries? for xoops search in an IE TOOLBAR

Yep, I notice this
Nope, I don't know about XOOPS 1.x - didn't join the wagon before 2.0.3, sorry

If you want your query to run without modifications, it should be a simple yes/no question: Run a search and see if the resulting page has your query in the URL. If it doesn't, then it won't support it out of the box and you'll need to modify search.php to accept query strings through the GET method.

This method, however, can leave your site very vulnerable (but not more vulnerable than an insecure POST form) if you do not make absolutely sure, before running the database query, that the query is a valid one and not an SQL injection query.

16
wrtbooks
Re: Search queries? for xoops search in an IE TOOLBAR
  • 2004/1/3 22:24



Quote:
This method, however, can leave your site very vulnerable

Thank you very much for your input, I was feeling it was a security issue why it was set up like that. I wonder if any XOOPS 1.x users have changed or configured the search.php already?

17
Mithrandir
Re: Search queries? for xoops search in an IE TOOLBAR

It's only a security risk if you do not check the contents of the GET variable before putting it in an SQL query.

I'm no expert in this area, but there are some steps to take before putting variables in SQL queries - especially GET parameters.
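The checks discussed in this thread, as an added example that is not part of the post above and is not XOOPS code: a search term taken from the URL is validated and then bound as a query parameter instead of being concatenated into the SQL. The `stories` table, the sample rows and the function names are hypothetical, and an in-memory SQLite database stands in for the site's database.

```php
<?php
declare(strict_types=1);

// Added example, not XOOPS code. Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE stories (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO stories (title) VALUES ('Install guide'), ('100% uptime tips'), ('Theme howto')");

// Validate a search term taken from the URL; returns null when it is rejected.
function clean_search_term($raw): ?string
{
    if (!is_string($raw)) {                       // ?query[]=x arrives as an array
        return null;
    }
    $term = trim($raw);
    if (strlen($term) < 3 || strlen($term) > 64) { // bound the length
        return null;
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $term)) {  // no control characters
        return null;
    }
    return $term;
}

// Run the search with the term bound as a parameter, never pasted into the SQL text.
function search_titles(PDO $db, string $term): array
{
    // Escape LIKE wildcards so % and _ typed by the visitor match literally.
    $like = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $db->prepare("SELECT id, title FROM stories WHERE title LIKE :t ESCAPE '!' ORDER BY id");
    $stmt->execute([':t' => $like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1);
}

// Constructed inputs, as they might arrive in a hypothetical $_GET['query'].
$samples = ['guide', "x' OR '1'='1", '100%', ['array'], 'ab'];
foreach ($samples as $raw) {
    $term = clean_search_term($raw);
    $result = $term === null ? 'rejected' : json_encode(search_titles($db, $term));
    echo json_encode($raw), ' => ', $result, PHP_EOL;
}
```

The quote-laden input passes validation but is only ever compared as literal text, so it returns no rows; the array and the too-short term are rejected before any query runs.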

18
wrtbooks
Re: Search queries? for xoops search in an IE TOOLBAR
  • 2004/1/5 21:58



Quote:
I'm no expert in this area, but there are some steps to take before putting variables in SQL queries - especially GET parameters.

Any other developers of XOOPS 1.x willing to give this a quick look? For me it would take weeks to figure out, but for someone who is very proficient in XOOPS it shouldn't be that hard, right?

19
wrtbooks
Re: Search queries? for xoops search in an IE TOOLBAR
  • 2004/1/8 3:09



Quote:
Any other developers of XOOPS 1.x willing to give this a quick look? For me it would take weeks to figure out, but for someone who is very proficient in XOOPS it shouldn't be that hard, right?

::bump::
