Valentine wrote:
> that ASPSEEK_TEMPLATE variable is much better.I do not understand why the tmpl parameter was removed. Your point is
My point is security - your security. 'tmpl=' is a parameter that is received from the Internet (the _untrusted_ thing by its definition).
Any user can change it in her browser's 'Location:' input line. I do
not know and do not understand what will happen if she types in
tmpl=../../../../etc/passwd
or something like this.
I don't want to scare you or those using older ASPseek versions, and there
are no known exploits so far, but I just want to prevent it completely, as
tmpl= is not the only way to achieve what you want.
> each server, has a search page and I want to use separate templates forlet say there is one search server that crawls ~100 servers. And later one
> every one of them.
Read ENVIRONMENT section of s.cgi(1) man page. If you are still in trouble,
the below excerpt is taken from MnogoSearch's FAQ. It works the same in ASPseek.
----
s.cgi also supports Apache internal redirect. It checks REDIRECT_STATUS and REDIRECT_URL environment variables. To activate this template option you may add these lines to Apache srm.conf:
AddType text/html .zhtml
AddHandler zhtml .zhtml
Action zhtml /cgi-bin/search.cgi
Put search.cgi into your /cgi-bin/ directory. Then put HTML template into your site directory structure under any name with .zhtml extension, for example template.zhtml. Now you may open search page: http://www.site.com/path/to/template.zhtml Of course you may use any available extension instead of .zhtml.
----
--
== kir_at_asplinux.ru == 7551596_at_ICQ == 6722750_at_sms.beemail.ru ==
Dream like you'll live forever...Love like you've never been hurt...
Work like you don't need the money...and Dance like nobody is watching!
-- Satchel Paige
