Re: [htdig] Wrapper script for htsearch


Torsten Neuer (tneuer@inwise.de)
Tue, 26 Oct 1999 08:23:54 +0200


Joseph Cheek wrote:
>
> this is the script name i was told to use:
>
> #!/bin/sh
> export SCRIPT_NAME=/results.php
> exec "$0".real ${@+"$@"}
>
> name this script htsearch, change htsearch to htsearch.real, and declare
> SCRIPT_NAME to be the php results script. call it from within php as follows:
>
> readfile ("http://your.server.here/cgi-bin/htsearch?$QUERY_STRING");
>
> where QUERY_STRING is the same that would have been passed to htsearch.

This is not only slow, but also a security hole, as it allows to execute
arbitrary commands from within $QUERY_STRING.

Have a look at the contrib section at ftp://ftp.htdig.org instead.
I have uploaded a (nearly) complete wrapper class there some time ago
which
also has some documentation in the source how to set up a wrapper with
PHP.

Furthermore, to increase speed (by omitting an additional shell level),
a
patch should be applied to htsearch, which allows issueing search
queries
on the command line (either it is in the same archive as the wrapper
class
or somewhere in the mailing list archives).

hth,
  Torsten

-- 
InWise - Wirtschaftlich-Wissenschaftlicher Internet Service GmbH
Waldhofstraße 14                            Tel: +49-4101-403605
D-25474 Ellerbek                            Fax: +49-4101-403606
E-Mail: info@inwise.de            Internet: http://www.inwise.de

------------------------------------ To unsubscribe from the htdig mailing list, send a message to htdig@htdig.org containing the single word unsubscribe in the SUBJECT of the message.



This archive was generated by hypermail 2.0b3 on Mon Oct 25 1999 - 23:33:37 PDT