Gossamer Forum

"><script>location="http://buqb0x.org"</script>

I've added the following search query:

Code:
"><script>location="http://buqb0x.org"</script>

into the SearchFilter plugin because that query redirects to some stupid website http://buqb0x.org.

Anyhow, that seems to be different on different servers [hosting providers], because when I tested the same query in different places I got different results. What can I do to prevent this kind of stupidity in the future?

<edited>

I've added this one too:

Code:
<script>location="http://buqb0x.org"</script>

because it works for him that way too

Last edited by:

katakombe: Feb 24, 2008, 3:24 AM
Re: [katakombe] "><script>location="http://buqb0x.org"</script> In reply to
Hi,

Is this in the built in search logger?

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Re: [katakombe] "><script>location="http://buqb0x.org"</script> In reply to
Hi,

Just had a thought.

How about setting the filter to something like:

Quote:
script

Does that filter them out?

Cheers

Andy (mod)
andy@ultranerds.co.uk
Re: [Andy] "><script>location="http://buqb0x.org"</script> In reply to
Quote:
Is this in the built in search logger?

Hello Andy, yea .. it is

Last edited by:

katakombe: Feb 24, 2008, 5:50 AM
Re: [Andy] "><script>location="http://buqb0x.org"</script> In reply to
Hmm ... In fact I need something like wildcards, kind of *script* or similar, but I don't know if that works in the SearchFilter plugin? Do you have any idea?

<edited>

That will make problems for queries like
Quote:
description of location and geography of vietnam
, so the filter must include <script> and </script> ..

Last edited by:

katakombe: Feb 24, 2008, 5:59 AM
Re: [katakombe] "><script>location="http://buqb0x.org"</script> In reply to
Hi,

You could edit /admin/Plugins/SearchFilter.pm, replace:

Code:
sub search_results {
# -------------------------------------------------------------------
# This subroutine will get called whenever the hook 'search_results'
# is run. You should call GT::Plugins->action ( STOP ) if you don't
# want the regular code to run, otherwise the code will continue as
# normal.
#
    my $tags = shift;

    my $query = $IN->param('query');
    my @words = split /\s+/, $query;

    my $opts = Links::Plugins::get_plugin_user_cfg('SearchFilter');

    my $sf   = $DB->table ('SearchFilter');
    my $cond = GT::SQL::Condition->new('filter_word', 'IN', \@words);

    if ($sf->count($cond)) {
        my $filtered_words = $sf->select($cond)->fetchall_hashref;
        $tags->{filtered_words} = $filtered_words;
        GT::Plugins->action ( STOP );
        if ($opts->{search_filter_what} eq 'url') {
            print $IN->redirect ($opts->{search_filter_url});
            return;
        }
    }

    return $tags;
}

..with:

Code:
sub search_results {
# -------------------------------------------------------------------
# This subroutine will get called whenever the hook 'search_results'
# is run. You should call GT::Plugins->action ( STOP ) if you don't
# want the regular code to run, otherwise the code will continue as
# normal.
#
    my $tags = shift;

    my $query = $IN->param('query');
    my @words = split /\s+/, $query;

    my $opts = Links::Plugins::get_plugin_user_cfg('SearchFilter');

    my $sf   = $DB->table ('SearchFilter');
    my $cond = GT::SQL::Condition->new('filter_word', 'IN', \@words);

    if ($sf->count($cond)) {
        my $filtered_words = $sf->select($cond)->fetchall_hashref;
        $tags->{filtered_words} = $filtered_words;
        GT::Plugins->action ( STOP );
        if ($opts->{search_filter_what} eq 'url') {
            print $IN->redirect ($opts->{search_filter_url});
            return;
        }
    }

    # Stop and redirect when the query contains both <script and </script>
    if ($IN->param('query') =~ /\Q<script/i && $IN->param('query') =~ /\Q<\/script>/i) {
        GT::Plugins->action ( STOP );
        print $IN->redirect ($opts->{search_filter_url});
        return;
    }

    return $tags;
}

I gave it a test on one of my dev installs, and works fine.

Cheers

Andy (mod)
andy@ultranerds.co.uk
Re: [Andy] "><script>location="http://buqb0x.org"</script> In reply to
Many thanks Andy!

It works superb
Re: [Andy] "><script>location="http://buqb0x.org"</script> In reply to
I've added this part too:

Code:
if ($IN->param('query') =~ /\Q<a/i && $IN->param('query') =~ /\Q<\/a>/i) {
    GT::Plugins->action ( STOP );
    print $IN->redirect ($opts->{search_filter_url});
    return;
}

because of this kind of search queries:

Quote:
<a href=http://www.honestmoney.ru/>Деньги</a>
<a href=http://www.honestmoney.ru/>Äåíüãè</a>

Queries that start with <a href> and end with </a> produce direct links to these pages on the page where I have last searched words.

Is there any method to include a wildcard and exclude queries with strange characters, kind of Äåíüãè and Деньги?
Re: [katakombe] "><script>location="http://buqb0x.org"</script> In reply to
Hi,

Quote:
Queries that start with <a href> and end with </a> produce direct links to these pages on the page where I have last searched words.

Is there any method to include a wildcard and exclude queries with strange characters, kind of Äåíüãè and Деньги?

Not easily. Personally, I think what you've got should work fine :) i.e. this:

Code:
if ($IN->param('query') =~ /\Q<a/i && $IN->param('query') =~ /\Q<\/a>/i) {
    GT::Plugins->action ( STOP );
    print $IN->redirect ($opts->{search_filter_url});
    return;
}

Cheers

Andy (mod)
andy@ultranerds.co.uk
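
The two per-tag checks in this thread (`<script` and `<a`) generalize to one test for any tag-like sequence, paired with HTML-escaping the query wherever the "last searched words" list is printed, so that the leading `">` in the original query cannot close an attribute. This is an added example, not code from the thread or from the SearchFilter plugin; the helper names `looks_like_markup` and `escape_html` are hypothetical, and how Gossamer Links templates print the logged query is not shown on the page.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helpers; none of this is part of SearchFilter.pm.

# True if the query contains anything that looks like an HTML tag:
# "<" directly followed by a letter, "/" or "!". This covers <script>,
# <a href=...>, closing tags and unclosed fragments, and does not match
# plain words such as "description" or "location".
sub looks_like_markup {
    my ($query) = @_;
    return 0 unless defined $query;
    return $query =~ m{<[a-zA-Z/!]} ? 1 : 0;
}

# Escape the five characters that let text break out of HTML content
# or out of a quoted attribute value. Apply this at the point where a
# logged query is printed, whatever the filter decided earlier.
my %ENTITY = (
    '&' => '&amp;',  '<' => '&lt;',   '>' => '&gt;',
    '"' => '&quot;', "'" => '&#39;',
);

sub escape_html {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $text;
}

# Constructed sample input, based on the queries quoted in this thread.
my @queries = (
    '"><script>location="http://buqb0x.org"</script>',
    '<script>location="http://buqb0x.org"</script>',
    '<a href=http://www.honestmoney.ru/>link</a>',
    'description of location and geography of vietnam',
);

for my $q (@queries) {
    printf "%-6s %s\n",
        looks_like_markup($q) ? 'BLOCK' : 'ALLOW',
        escape_html($q);
}
```

The first three sample queries are reported as BLOCK and the Vietnam query as ALLOW; a query such as `x<y` is also blocked, which is the trade-off of matching on `<` plus a letter.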