Valentine wrote:
I do not understand why the tmpl parameter was removed. Your point is
> that ASPSEEK_TEMPLATE variable is much better.
My point is security - your security. 'tmpl=' is a parameter that is
received from the Internet (the _untrusted_ thing by its definition).
Any user can change it in her browser's 'Location:' input line. I do
not know and do not understand what will happen if she types in
tmpl=../../../../etc/passwd
or something like this.
I don't want to scare you or those using older ASPseek versions, and there
are no known exploits so far, but I just want to prevent it completely, as
tmpl= is not the only way to achieve what you want.
let say there is one search server that crawls ~100 servers. And later one
> each server, has a search page and I want to use separate templates for
> every one of them.
Read ENVIRONMENT section of s.cgi(1) man page. If you are still in trouble,
the below excerpt is taken from MnogoSearch's FAQ. It works the same in
ASPseek.
----
s.cgi also supports Apache internal redirect. It checks REDIRECT_STATUS and
REDIRECT_URL environment variables. To activate this template option you
may add these lines to Apache srm.conf:
AddType text/html .zhtml
AddHandler zhtml .zhtml
Action zhtml /cgi-bin/search.cgi
Put search.cgi into your /cgi-bin/ directory. Then put HTML template into
your site directory structure under any name with .zhtml extension, for
example template.zhtml. Now you may open search page:
http://www.site.com/path/to/template.zhtml Of course you may use any
available extension instead of .zhtml.
----
--
== kir_at_asplinux.ru == 7551596_at_ICQ == 6722750_at_sms.beemail.ru ==
Dream like you'll live forever...Love like you've never been hurt...
Work like you don't need the money...and Dance like nobody is watching!
-- Satchel Paige