Hi,
This sounds good. As for the code injection, it is up to you to sanitize
the request before it goes to Lucene, probably by filling the email
field yourself and not relying on the user input for the email address.

I hoped I wouldn't have to sanitize the user input, because the email address query is ANDed by the
application after the user has finished his input.

(user_query) AND (email_query)

So is it possible to produce a user_query which will ignore the ANDed (email_query)?
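
An added example, not part of the original thread or of Lucene's own code: one way to keep the email restriction out of reach of the user's text is to parse the user query on its own and attach the email clause as a query object, instead of concatenating `(user_query) AND (email_query)` as a string. The field names `body` and `email`, the class name and the sample inputs are assumptions, and it assumes a Lucene release that provides `BooleanQuery.Builder` and an `email` field indexed as a single untokenized term.

```java
import org.apache.lucene.analysis.standard.StandardAnalyzer;
import org.apache.lucene.index.Term;
import org.apache.lucene.queryparser.classic.ParseException;
import org.apache.lucene.queryparser.classic.QueryParser;
import org.apache.lucene.search.BooleanClause;
import org.apache.lucene.search.BooleanQuery;
import org.apache.lucene.search.Query;
import org.apache.lucene.search.TermQuery;

public class ScopedQuery {
    // Hypothetical field names for this example.
    static final String BODY_FIELD = "body";
    static final String EMAIL_FIELD = "email";

    // sessionEmail must come from the authenticated session, never from the request.
    static Query build(String userInput, String sessionEmail) throws ParseException {
        // The user text is parsed alone, so its parentheses and operators
        // can only shape this sub-query; unbalanced input fails here.
        QueryParser parser = new QueryParser(BODY_FIELD, new StandardAnalyzer());
        Query userQuery = parser.parse(userInput);

        // The restriction never passes through the query parser, so the
        // address is matched as one literal term with no syntax to escape.
        Query emailQuery = new TermQuery(new Term(EMAIL_FIELD, sessionEmail));

        // Both clauses are required at the top level; FILTER does not affect scoring.
        return new BooleanQuery.Builder()
                .add(userQuery, BooleanClause.Occur.MUST)
                .add(emailQuery, BooleanClause.Occur.FILTER)
                .build();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one well-formed, one with an unbalanced parenthesis.
        String[] inputs = { "invoice AND 2005", "invoice AND (2005" };
        for (String input : inputs) {
            try {
                System.out.println(build(input, "alice@example.org"));
            } catch (ParseException e) {
                System.out.println("rejected: " + input);
            }
        }
    }
}
```

Because the two clauses are combined after parsing, a field prefix or boolean operator in the user text stays inside the first clause and the email filter still applies to every hit.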


