savannah-hackers-public

Re: [Savannah-hackers-public] (no subject)


From: Sylvain Beucler
Subject: Re: [Savannah-hackers-public] (no subject)
Date: Sat, 3 May 2008 14:38:19 +0200
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

Hi,

This is better.

I have a lot of small purely technical comments :)

- I do like attached diff :)

- Your diff was reversed (changes from your version back to Savane,
  instead of the changes from Savane to your version). The best way to
  produce a diff is to download the source using git, modify the
  source in it, and type 'git diff' without options, which shows
  everything you changed since you downloaded the source. Use 'git
  diff > yourfile.patch' to save it. The produced diff can be applied
  automatically using 'patch -p1 < yourfile.patch'.

- Try to avoid introducing spaces or newlines (you can inspect the
  diff and remove them before sending it), so those small differences
  don't appear in the diff and disturb the reader.

- You modified a function that sends headers. But now the function
  sends both the results headers and the exact results, so this is
  confusing. Maybe search_exact() needs to be called from
  frontend/php/search/index.php, rather than from
  search_send_header().

- db_execute has a second argument, which is an array of values to
  include in the query (it replaces "?"s) and properly escape (to
  avoid SQL injections). You need to use it to properly escape
  $keywords (check ./include/trackers_run/browse.php:505 for an
  example with the SQL 'IN' keyword). This is necessary for security,
  otherwise people may add malicious SQL code in $keywords.

> > Sure, but this is pretty off-topic, don't you think? :)
> 
> Now, I don't have to drop my e-mail hitch hikers, do I?

This shows that you don't control your mail. Be a real man and use
SMTP ;)

-- 
Sylvain
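
The placeholder approach described in the mail above, as an added example that is not part of the original message and is not Savane code: it builds one "?" per keyword for an SQL 'IN' clause and compares the result with string concatenation. The table demo_groups, the function build_keyword_query() and the use of PDO with in-memory SQLite in place of db_execute() are assumptions made for the illustration.

```php
<?php
// Added example, not Savane code. demo_groups/name are constructed names,
// and PDO with in-memory SQLite stands in for Savane's db_execute().

// Build "IN (?,?,...)" with one placeholder per keyword.
// Returns [$sql, $params]; user text only ever appears in $params.
function build_keyword_query(array $keywords): array
{
    // Drop empty entries and reindex so positions line up with the "?"s.
    $keywords = array_values(array_filter(array_map('trim', $keywords), 'strlen'));
    if (count($keywords) === 0) {
        // "IN ()" is a syntax error, so return a query that matches nothing.
        return ['SELECT name FROM demo_groups WHERE 1 = 0', []];
    }
    $marks = implode(',', array_fill(0, count($keywords), '?'));
    return ["SELECT name FROM demo_groups WHERE name IN ($marks) ORDER BY name", $keywords];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_groups (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO demo_groups (name) VALUES ('savane'), ('emacs'), ('gnash')");

// Constructed input: the second keyword contains quote characters.
$keywords = ['emacs', "x') OR ('1'='1"];

// Before: keywords pasted into the SQL text, so the quotes change the query.
$unsafe = "SELECT name FROM demo_groups WHERE name IN ('"
        . implode("','", $keywords) . "') ORDER BY name";
$unsafe_rows = $pdo->query($unsafe)->fetchAll(PDO::FETCH_COLUMN);

// After: the same keywords travel as bound values, never as SQL text.
// With Savane this would be db_execute($sql, $params), per the mail above.
[$sql, $params] = build_keyword_query($keywords);
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
$safe_rows = $stmt->fetchAll(PDO::FETCH_COLUMN);

echo "concatenated: ", implode(', ', $unsafe_rows), "\n";
echo "bound:        ", implode(', ', $safe_rows), "\n";
```

The concatenated query returns every row because the quote characters in the keyword become part of the WHERE clause; the bound query treats that keyword as an ordinary string and matches only 'emacs'.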



