This was forwarded to the htdig-bugs address. I think it's a very
good idea and certainly would solve the problems for Russian ht://Dig
users in a very elegant way. However, I think I'd like to have a
bunch of eyes go over this and think about possible security problems
before we take it.
I'm potentially worried about scenarios where the config operation
can get ruined by someone setting an environment variable.
Of course, if we go to a validating config parser like we talked
about recently, people will have to specify which variables should be
expanded, which decreases the risk considerably.
Thoughts?
-Geoff
From: [EMAIL PROTECTED]
Date: Wed, 1 Mar 2000 09:03:52 -0500 (EST)
>Dear htdig developers,
>
>I, as a site administrator, have got recently a problem. My problem source
>is rather specific for my country, namely, it arises from the necessity to
>recode various existing in Russian Web codepages into each others. The
>commonly used webserver in Russia is the so called Russian Apache, which
>performs recoding automatically and is very customizable. However, it would
>be undesirable to recode htsearch output (it should be in the same encoding as
>the search phrase entered), while the custom headers, footers and so on
>(search_results_header, search_results_footer, ...) should still be recoded.
>
>I have implemented the following solution, which might be useful not only
>for Russian Apache users, but also for some other purposes. It is very
>simple:
>
>One can use variable substitution in htdig.conf in three forms: $var, $(var)
>and ${var}.
>
>If one uses $var or ${var} (the second form is used in the htdig examples),
>he gets the former behaviour, as always before.
>
>If one uses the $(var) form, then firstly the usual variable substitution
>takes place, and then, if no variable found, the shell environment is looked
>for such a variable via getenv().
>
>I have used the modified $(var) form to make htsearch to take different
>search_results... templates for different charsets requested by browser in the
>following way:
>
>search_results_footer: ${common_dir}/footer_$(CHARSET).html
>
>Then, the Russian Apache webserver sets the CHARSET variable for CGI
>scripts, among others. Depending upon its value, different footers can be
>taken:
>
>footer_koi8-r.html
>footer_windows-1251.html
>footer_translit.html
>footer_ISO-8859-5.html
>
>and so on...
>
>The different footers can be produced from a single one via recoding tool.
>However, they may also easily have totally different contents.
>
>Such a feature does not break existing htdig configuration rules, i.e. it is
>not dangerous. In the same time, it can be used to make the search outputs
>yet more configurable. The webservers set a lot of variables which can be
>used in a similar manner.
>
>The very short patch to implement the shell variable substitution follows
>(for the newest, 3.1.5 version, it is exactly the same):
>
>diff -ru htdig-3.1.2.orig/htlib/ParsedString.cc
>htdig-3.1.2/htlib/ParsedString.cc
>--- htdig-3.1.2.orig/htlib/ParsedString.cc Thu Apr 22 09:47:58 1999
>+++ htdig-3.1.2/htlib/ParsedString.cc Wed Mar 1 09:55:27 2000
>@@ -23,6 +23,7 @@
> #include <fstream.h>
> #include <ctype.h>
> #include <stdio.h>
>+#include <stdlib.h>
>
>
>
>//********************************************************************
>*********
>@@ -80,6 +81,7 @@
> char *str = value.get();
> char delim = ' ';
> int need_delim = 0;
>+ char *ev;
>
> parsed = 0;
> while (*str)
>@@ -114,6 +116,12 @@
> temp = (ParsedString *) dict[variable];
> if (temp)
> parsed << temp->get(dict);
>+ else if (delim == ')')
>+ {
>+ ev = getenv (variable);
>+ if (ev)
>+ parsed << ev;
>+ }
> str++;
> }
> else if (need_delim)
>
>With best wishes,
>Georgy.
>_____________________________________________________________________
>__________
>
>Georgy Salnikov
>NMR Group
>Novosibirsk Institute of Organic Chemistry
>Lavrentjeva, 9, 630090 Novosibirsk, Russia
>Tel. +7-3832-341960 +7-3832-331456
>Fax +7-3832-331456
>Email [EMAIL PROTECTED]
>_____________________________________________________________________
>__________
------------------------------------
To unsubscribe from the htdig3-dev mailing list, send a message to
[EMAIL PROTECTED]
You will receive a message to confirm this.
