Re: pkgdb opensearch


On Fri, 16 Mar 2012 09:23:19 -0600
Ken Dreyer <ktdreyer@xxxxxxxxxxxx> wrote:

> On Fri, Mar 16, 2012 at 8:08 AM, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> > Can you give an example of a url it gives you that hits a 500 ?
> Hi Kevin,
> Thanks for responding. Today pkgdb isn't giving a 500 error, oddly
> enough.
> I fired up the HttpFox extension, and here's what is being loaded when
> I enter the word "test" in the search bar.
> (long CSRF string snipped)
> The fact that there are two separate question marks in this URL looks
> odd to me. The searchwords parameter should probably be prepended with
> an ampersand to make this a valid URL. I looked at the OpenSearch
> definition in my Firefox profile:
> ~/.mozilla/firefox/<snip>.default/searchplugins/fedora-pkgdb-packages.xml
> To fix this, I just stripped out the csrf token parameter altogether.
> The following now works for me:
> <os:Url type="text/html" method="GET"
> template="";>
> Maybe you would be able to do a similar fix on the Fedora web servers,
> to fix the definition there?

It looks like this file is shipped as part of packagedb itself. 

Would you be willing to file a bug there with the fix?

If not, I can try and do so... 

> I'm a CSRF newbie, but it strikes me as odd that a static csrf token
> string would be embedded into the OpenSearch definition itself:
> .
> Not only does it break the searches, but it seems like that defeats
> the point of having hard-to-guess CSRF tokens.

Yeah, that seems wrong to me as well. It shouldn't need to be there at



websites mailing list
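
The two problems raised in this thread (a second "?" in the search URL and a fixed CSRF token stored in the OpenSearch definition) can be checked for mechanically. The following is an added example, not code from the thread or from packagedb; the host, the `_csrf_token` parameter name, the token value and the name-matching heuristic are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

OS_NS = "{http://a9.com/-/spec/opensearch/1.1/}"
PLACEHOLDER = re.compile(r"^\{[A-Za-z:]+\??\}$")        # e.g. {searchTerms}, {startPage?}
TOKEN_NAME = re.compile(r"csrf|xsrf|token", re.I)       # heuristic (assumption)
# Split on & or ?, but not on the "?" inside an optional placeholder like {startPage?}
PARAM_SEP = re.compile(r"[&?](?![^{]*\})")

# Constructed sample: first Url mimics the broken shape described in the thread,
# second Url is the shape left after stripping the token parameter.
SAMPLE = """<os:OpenSearchDescription xmlns:os="http://a9.com/-/spec/opensearch/1.1/">
  <os:ShortName>constructed sample</os:ShortName>
  <os:Url type="text/html" method="GET"
    template="https://pkgdb.example/search?_csrf_token=CONSTRUCTED0123?searchwords={searchTerms}"/>
  <os:Url type="text/html" method="GET"
    template="https://pkgdb.example/search?searchwords={searchTerms}"/>
</os:OpenSearchDescription>"""


def audit_template(template):
    """Return a list of findings for one OpenSearch Url template."""
    findings = []
    # Ignore "?" that belongs to optional placeholders before counting.
    bare = re.sub(r"\{[^}]*\}", "", template)
    if bare.count("?") > 1:
        findings.append("multiple-question-marks")
    _, _, query = template.partition("?")
    for pair in filter(None, PARAM_SEP.split(query)):
        name, _, value = pair.partition("=")
        # A token-like parameter with a literal value is the same for every
        # user of the definition, so it is not a per-session secret.
        if TOKEN_NAME.search(name) and not PLACEHOLDER.match(value):
            findings.append("static-token:" + name)
    return findings


def audit_description(xml_text):
    """Audit every Url element; returns [(template, findings), ...]."""
    root = ET.fromstring(xml_text)
    return [(u.get("template", ""), audit_template(u.get("template", "")))
            for u in root.iter(OS_NS + "Url")]


if __name__ == "__main__":
    for template, findings in audit_description(SAMPLE):
        print(template, "->", findings or "ok")
```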
