On 04/10/12 22:24, [email protected] wrote:
> It's good practice to escape '%' and '_' wildcards. Without those
> wildcards escaped it is more difficult for a user to search for those
> characters literally.
They can be escaped with '\', but it's true that the underscores can
cause a problem if there is only one method of searching.
> There is also a potential for a simple denial of
> service attack if a malicious visitor created a search string using
> wildcards that had the sole purpose of consuming server resources.
But isn't it just search strings like '%%%' that are a problem (which
could easily be screened out)?
> I apologize that the change created problems in your AUR helper, but I
> don't think it is something that should be undone. It has been in
> place for over 7 months now and many users didn't even know it was
> previously possible. Any functionality that depended on it was
> depending on a bug.
No apology needed :)
You haven't really caused much of a problem - it's just a loss of some
functionality that I was hoping could be avoided.
> You may want to look at how some other AUR helpers implement AUR
> searching if you would like ideas for your own AUR helper.
The main purpose of my program (which has been around for 18 months or
so), is to integrate searching the user's local pacman databases with
the AUR. The wildcards were handy, because I could translate them into a
simple glob-style syntax that would work equally well in both contexts.
So I mainly wanted to confirm that there is no chance of wildcards being
brought back before I removed the functionality from my own program.
Thanks for the feedback.
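
The escaping discussed in this thread, as an added example that is not part of the original messages and is not the AUR's own code: it escapes '%' and '_' (and the escape character itself) before a LIKE substring search and compares the results with the unescaped query. The SQLite in-memory database, the `packages` table, the sample names and the function names are all assumptions made for the illustration.

```python
import sqlite3

def escape_like(term, esc="\\"):
    """Escape LIKE metacharacters so `term` is matched literally."""
    # The escape character must be handled first, otherwise the
    # backslashes added for '%' and '_' would be escaped again.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def search(conn, term, escape=True):
    """Substring search over package names; returns sorted matches."""
    needle = escape_like(term) if escape else term
    rows = conn.execute(
        # The term is bound as a parameter; only the surrounding '%'
        # added here act as wildcards when escaping is on.
        "SELECT name FROM packages WHERE name LIKE ? ESCAPE '\\' "
        "ORDER BY name",
        ("%" + needle + "%",),
    )
    return [r[0] for r in rows]

def demo_db():
    # Constructed sample data, not real AUR contents.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packages (name TEXT)")
    conn.executemany(
        "INSERT INTO packages VALUES (?)",
        [("lib_foo",), ("libxfoo",), ("libfoo",), ("100%cotton",), ("bar",)],
    )
    return conn

if __name__ == "__main__":
    conn = demo_db()
    # Unescaped: '_' matches any single character.
    print(search(conn, "lib_foo", escape=False))
    # Escaped: only the literal underscore matches.
    print(search(conn, "lib_foo"))
    # Unescaped wildcard-only term selects every row.
    print(search(conn, "%%%", escape=False))
    # Escaped, it is a search for the literal string '%%%'.
    print(search(conn, "%%%"))
```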