On Thu, Oct 4, 2012 at 1:59 PM, kachelaqa <kachelaqa@gmail.com> wrote:
> I just recently noticed that the wildcards have been disabled in aur-1.9.1 - which is a pity, since it has removed some fairly useful functionality.
> I found bug FS#26527 that prompted the change, and read through the links - but I couldn't completely understand the rationale for it.
> It looks like there may be a problem with search queries that consist of only '%' wildcards, as that could match everything in the database.
> But wouldn't it be fairly easy to eliminate pathological cases like that? And aren't there already checks in place to limit the number of results returned?
> For me, the most useful feature of wildcards is that they can be used to *reduce* the number of results returned - which is somewhat ironic, if I have interpreted the rationale for this change correctly ;-)

It's good practice to escape '%' and '_' wildcards. Without those wildcards escaped it is more difficult for a user to search for those characters literally. There is also a potential for a simple denial of service attack if a malicious visitor created a search string using wildcards that had the sole purpose of consuming server resources.

I apologize that the change created problems in your AUR helper, but I don't think it is something that should be undone. It has been in place for over 7 months now and many users didn't even know it was previously possible. Any functionality that depended on it was depending on a bug. You may want to look at how some other AUR helpers implement AUR searching if you would like ideas for your own AUR helper.

Regards,
Jason
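
The escaping discussed in this reply, as an added example that is not part of the original message and is not AUR's own code. It assumes Python with an in-memory SQLite table of constructed package names; the helper names `escape_like`, `search_raw` and `search_escaped` are hypothetical.

```python
import sqlite3

# Constructed sample package names, not real AUR data.
SAMPLE_PACKAGES = ["foo_bar", "fooxbar", "100%-pure", "yaourt", "cower", "packer"]


def escape_like(term, escape_char="\\"):
    """Escape LIKE metacharacters so '%' and '_' match literally."""
    # The escape character itself goes first, so the escapes added
    # for '%' and '_' are not escaped a second time.
    for ch in (escape_char, "%", "_"):
        term = term.replace(ch, escape_char + ch)
    return term


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE packages (name TEXT)")
    db.executemany("INSERT INTO packages VALUES (?)",
                   [(name,) for name in SAMPLE_PACKAGES])
    return db


def search_raw(db, term):
    """Before: '%' and '_' typed by the user act as wildcards."""
    rows = db.execute(
        "SELECT name FROM packages WHERE name LIKE ? ORDER BY name",
        ("%" + term + "%",))
    return [row[0] for row in rows]


def search_escaped(db, term):
    """After: substring search where '%' and '_' in the term are literals."""
    rows = db.execute(
        "SELECT name FROM packages WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        ("%" + escape_like(term) + "%",))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    for term in ("%", "foo_bar"):
        print(repr(term), "raw:", search_raw(db, term))
        print(repr(term), "escaped:", search_escaped(db, term))
```

Binding the term as a parameter prevents SQL injection but does not neutralise LIKE wildcards; the explicit escape plus the `ESCAPE` clause is what makes `%` and `_` literal.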