Gossamer Forum
(Advanced Search)
for
Home : Products : Gossamer Links : Discussions :

"><script>location="http://buqb0x.org"</script>

Feb 24, 2008, 3:15 AM
katakombe
User (127 posts)
katakombe's avatar
Feb 24, 2008, 3:15 AM
Post #1 of 9
Views: 484
Shortcut
Quote Reply
"><script>location="http://buqb0x.org"</script>
I've added the following search query:

Code:
"><script>location="http://buqb0x.org"</script>

into the SearchFilter plugin because that query redirect to some stupid website http://buqb0x.org.

Anyhow, that seems to be different on different servers [hosting providers] because when I tested the same query on different places I've got different results. What I can do to prevent this kind of stupidities in the future?

<edited>

I've added this one too:

Code:
<script>location="http://buqb0x.org"</script>

because it work for him that way too Crazy

Last edited by:

katakombe: Feb 24, 2008, 3:24 AM
Feb 24, 2008, 4:10 AM
Andy
Veteran / Moderator (17298 posts)
Andy's avatar
Feb 24, 2008, 4:10 AM
Post #2 of 9
Views: 448
Shortcut
Quote Reply
Re: [katakombe] "><script>location="http://buqb0x.org"</script> In reply to
Hi,

Is this in the built in search logger?

Cheers

Andy (mod)
andy@ultranerds.co.uk

IMPORTANT: I've now moved to ultranerds.co.uk, and the .com will no longer work!
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package (plugins total "value" $3,325 & rising, for just $350)| GLinks ULTRA Package PRO (plugins total "value" $5,625 & rising, for just $500)
Support Forum | Links SQL Plugins | DMOZ Dumps | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Compare our different Plugin packages *new* Free CSS Templates
Feb 24, 2008, 4:11 AM
Andy
Veteran / Moderator (17298 posts)
Andy's avatar
Feb 24, 2008, 4:11 AM
Post #3 of 9
Views: 449
Shortcut
Quote Reply
Re: [katakombe] "><script>location="http://buqb0x.org"</script> In reply to
Hi,

Just had a thought.

How about setting the filter to something like:

Quote:
script

Does that filter them out?

Cheers

Andy (mod)
andy@ultranerds.co.uk

IMPORTANT: I've now moved to ultranerds.co.uk, and the .com will no longer work!
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package (plugins total "value" $3,325 & rising, for just $350)| GLinks ULTRA Package PRO (plugins total "value" $5,625 & rising, for just $500)
Support Forum | Links SQL Plugins | DMOZ Dumps | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Compare our different Plugin packages *new* Free CSS Templates
Feb 24, 2008, 5:47 AM
katakombe
User (127 posts)
katakombe's avatar
Feb 24, 2008, 5:47 AM
Post #4 of 9
Views: 446
Shortcut
Quote Reply
Re: [Andy] "><script>location="http://buqb0x.org"</script> In reply to
Quote:
Is this in the built in search logger?

Hello Andy, yea .. it is

Last edited by:

katakombe: Feb 24, 2008, 5:50 AM
Feb 24, 2008, 5:49 AM
katakombe
User (127 posts)
katakombe's avatar
Feb 24, 2008, 5:49 AM
Post #5 of 9
Views: 443
Shortcut
Quote Reply
Re: [Andy] "><script>location="http://buqb0x.org"</script> In reply to
Hmm ... In fact I need something like wildcars, kind of *script* or similar, but I don't know if that work in the SearchFilter plugin? Do you have some idea?

<edited>

That will make problems for queries like
Quote:
description of location and geography of vietnam
, so the filter must include <script> and </script> ..

Last edited by:

katakombe: Feb 24, 2008, 5:59 AM
Feb 24, 2008, 6:26 AM
Andy
Veteran / Moderator (17298 posts)
Andy's avatar
Feb 24, 2008, 6:26 AM
Post #6 of 9
Views: 436
Shortcut
Quote Reply
Re: [katakombe] "><script>location="http://buqb0x.org"</script> In reply to
Hi,

You could edit /admin/Plugins/SearchFilter.pm, replace:

Code:
sub search_results {
# -------------------------------------------------------------------
# This subroutine will get called whenever the hook 'search_results'
# is run. You should call GT::Plugins->action ( STOP ) if you don't
# want the regular code to run, otherwise the code will continue as
# normal.
#
my $tags = shift;

my $query = $IN->param('query');
my @words = split /\s+/, $query;

my $opts = Links::Plugins::get_plugin_user_cfg('SearchFilter');

my $sf = $DB->table ('SearchFilter');
my $cond = GT::SQL::Condition->new('filter_word', 'IN', \@words);

if ($sf->count($cond)) {
my $filtered_words = $sf->select($cond)->fetchall_hashref;
$tags->{filtered_words} = $filtered_words;
GT::Plugins->action ( STOP );
if ($opts->{search_filter_what} eq 'url') {
print $IN->redirect ($opts->{search_filter_url});
return;
}
}

return $tags;
}

..with:

Code:
sub search_results {
# -------------------------------------------------------------------
# This subroutine will get called whenever the hook 'search_results'
# is run. You should call GT::Plugins->action ( STOP ) if you don't
# want the regular code to run, otherwise the code will continue as
# normal.
#
my $tags = shift;

my $query = $IN->param('query');
my @words = split /\s+/, $query;

my $opts = Links::Plugins::get_plugin_user_cfg('SearchFilter');

my $sf = $DB->table ('SearchFilter');
my $cond = GT::SQL::Condition->new('filter_word', 'IN', \@words);

if ($sf->count($cond)) {
my $filtered_words = $sf->select($cond)->fetchall_hashref;
$tags->{filtered_words} = $filtered_words;
GT::Plugins->action ( STOP );
if ($opts->{search_filter_what} eq 'url') {
print $IN->redirect ($opts->{search_filter_url});
return;
}
}

if ($IN->param('query') =~ /\Q<script/i && $IN->param('query') =~ /\Q<\/script>/i) {
GT::Plugins->action ( STOP );
print $IN->redirect ($opts->{search_filter_url});
return;
}

return $tags;
}

I gave it a test on one of my dev installs, and works fine.

Cheers

Andy (mod)
andy@ultranerds.co.uk

IMPORTANT: I've now moved to ultranerds.co.uk, and the .com will no longer work!
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package (plugins total "value" $3,325 & rising, for just $350)| GLinks ULTRA Package PRO (plugins total "value" $5,625 & rising, for just $500)
Support Forum | Links SQL Plugins | DMOZ Dumps | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Compare our different Plugin packages *new* Free CSS Templates
Feb 24, 2008, 8:27 AM
katakombe
User (127 posts)
katakombe's avatar
Feb 24, 2008, 8:27 AM
Post #7 of 9
Views: 433
Shortcut
Quote Reply
Re: [Andy] "><script>location="http://buqb0x.org"</script> In reply to
Many thanks Andy!

It works superb CoolWink
Apr 16, 2008, 7:44 AM
katakombe
User (127 posts)
katakombe's avatar
Apr 16, 2008, 7:44 AM
Post #8 of 9
Views: 413
Shortcut
Quote Reply
Re: [Andy] "><script>location="http://buqb0x.org"</script> In reply to
I've added this part too:

Code:
if ($IN->param('query') =~ /\Q<a/i && $IN->param('query') =~ /\Q<\/a>/i) {
GT::Plugins->action ( STOP );
print $IN->redirect ($opts->{search_filter_url});
return;
}

because of this kind of search queries:

Quote:
<a href=http://www.honestmoney.ru/>Деньги</a>
<a href=http://www.honestmoney.ru/>Äåíüãè</a>

Queries who start with <a href> and end with </a> produce direct links to these pages on the page where I have last searched words.

Is there any method to include a wildcard and exclude queries with strange characters kind of Äåíüãè and ДеньгР?
Apr 16, 2008, 7:47 AM
Andy
Veteran / Moderator (17298 posts)
Andy's avatar
Apr 16, 2008, 7:47 AM
Post #9 of 9
Views: 406
Shortcut
Quote Reply
Re: [katakombe] "><script>location="http://buqb0x.org"</script> In reply to
Hi,

Quote:
Queries who start with <a href> and end with </a> produce direct links to these pages on the page where I have last searched words.

Is there any method to include a wildcard and exclude queries with strange characters kind of Äåíüãè and ДеньгР?

Not easily. Personally, I think what you've got should work fine :) i.e this:

Code:
if ($IN->param('query') =~ /\Q<a/i && $IN->param('query') =~ /\Q<\/a>/i) {
GT::Plugins->action ( STOP );
print $IN->redirect ($opts->{search_filter_url});
return;
}

Cheers

Andy (mod)
andy@ultranerds.co.uk

IMPORTANT: I've now moved to ultranerds.co.uk, and the .com will no longer work!
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package (plugins total "value" $3,325 & rising, for just $350)| GLinks ULTRA Package PRO (plugins total "value" $5,625 & rising, for just $500)
Support Forum | Links SQL Plugins | DMOZ Dumps | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Compare our different Plugin packages *new* Free CSS Templates