@@ -14,7 +14,9 @@ module Giraffe # TODO: Probably horribly unsafe. # on(:get, ["grep", :term]) { - @search = Rack::Utils.escape captured.term + @search = Rack::Utils.unescape captured.term + @search.delete! "'`\"\\" + @search.gsub! "$", "\\$" # TODO: May need further guarding here. @matches = Giraffe.wiki!.grep(@search).select {|obj, match| resources/grep.rb 46682b651a89fe63fdd6c66feb19cd811e0060c5 Eero Saynatkari projects@kittensoft.org http://github.com/rue/giraffe/commit/16225d5916efc053f13b3b4e6b79f4a80d86fb70 16225d5916efc053f13b3b4e6b79f4a80d86fb70 2009-01-21T10:00:44-08:00 2009-01-21T10:00:44-08:00 Implement safer grep by removing quotes, ticks and backslashes. * This can probably use a bunch of improvement. bfa5e53ae85f2f965edca3ce7d108107fc33aa3b Eero Saynatkari projects@kittensoft.org