This is a fragment of dhelp's dsearch CGI script:
# Pass parameters to Swish++ search program
open (SEARCH, '-|')
or exec '/usr/bin/search++', '-i', '/var/lib/dhelp/swish++.index', "$search";
>From the Perl documentation it should be safe to pass "unsafe" characters
in $search (perldoc -f exec).
I would like to read your opinion before allowing such things like *
Think of it !
For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: email@example.com; Phone: 0041-1-3884400)
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com