On 04/10/12 22:24, canyonknight@gmail.com wrote:
> It's good practice to escape '%' and '_' wildcards. Without those wildcards escaped it is more difficult for a user to search for those characters literally.

They can be escaped with '\', but it's true that the underscores can cause a problem if there is only one method of searching.

> There is also a potential for a simple denial of service attack if a malicious visitor created a search string using wildcards that had the sole purpose of consuming server resources.

But isn't it just search strings like '%%%' that are a problem (which could easily be screened out)?

> I apologize that the change created problems in your AUR helper, but I don't think it is something that should be undone. It has been in place for over 7 months now and many users didn't even know it was previously possible. Any functionality that depended on it was depending on a bug.

No apology needed :) You haven't really caused much of a problem - it's just a loss of some functionality that I was hoping could be avoided.

> You may want to look at how some other AUR helpers implement AUR searching if you would like ideas for your own AUR helper.

The main purpose of my program (which has been around for 18 months or so) is to integrate searching the user's local pacman databases with the AUR. The wildcards were handy, because I could translate them into a simple glob-style syntax that would work equally well in both contexts. So I mainly wanted to confirm that there is no chance of wildcards being brought back before I removed the functionality from my own program. Thanks for the feedback.
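
The wildcard escaping discussed in this thread, shown as an added example that is not part of the original messages or the AUR code base. It assumes an in-memory SQLite table named `packages` with constructed package names, and the helper names `escape_like` and `search` are hypothetical.

```python
import sqlite3

ESC = "\\"  # single backslash, declared as the escape character in the ESCAPE clause


def escape_like(term: str) -> str:
    """Escape LIKE metacharacters so the search term matches literally."""
    # The escape character itself must be handled first, otherwise the
    # backslashes added for '%' and '_' would be escaped a second time.
    for ch in (ESC, "%", "_"):
        term = term.replace(ch, ESC + ch)
    return term


def make_db() -> sqlite3.Connection:
    """Build a small in-memory table with constructed package names."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE packages (name TEXT)")
    db.executemany(
        "INSERT INTO packages VALUES (?)",
        [("foo_bar",), ("fooxbar",), ("100%cpu",), ("1000cpu",)],
    )
    return db


def search(db: sqlite3.Connection, term: str, escape: bool = True) -> list:
    """Substring search; with escape=False the user's wildcards stay live."""
    if escape:
        term = escape_like(term)
    rows = db.execute(
        "SELECT name FROM packages WHERE name LIKE ? ESCAPE ? ORDER BY name",
        ("%" + term + "%", ESC),
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    # Unescaped: '_' matches any single character, so 'fooxbar' is returned too.
    print(search(db, "foo_bar", escape=False))
    # Escaped: only the literal underscore matches.
    print(search(db, "foo_bar"))
    # Unescaped '%%%' matches every row; escaped it is a literal three-character string.
    print(search(db, "%%%", escape=False), search(db, "%%%"))
```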