https://bugzilla.novell.com/show_bug.cgi?id=673654 https://bugzilla.novell.com/show_bug.cgi?id=673654#c3 --- Comment #3 from Jan-Simon Möller <jansimon.moeller@opensuse.org> 2011-02-21 10:18:31 UTC --- def search(what, render_all) predicate = predicate_from_match_parameter(params[:match]) logger.debug "searching in #{what}s, predicate: '#{predicate}'" xe = XpathEngine.new begin collection = xe.find("/#{what}[#{predicate}]", params.slice(:sort_by, :order)) rescue XpathEngine::IllegalXpathError => e render_error :status => 400, :message => "illegal xpath %s (#{e.message})" % predicate return end output = String.new output << "<?xml version='1.0' encoding='UTF-8'?>\n" output << "<collection>\n" collection.uniq! collection.each do |item| if item.kind_of? DbPackage or item.kind_of? DbProject # already checked in this case ########## <=== seems not checked, yet elsif item.kind_of? Repository # This returns nil if access is not allowed next unless DbProject.find_by_id item.db_project_id else render_error :status => 400, :message => "unknown object received from collection %s (#{item.inspect})" % predicate return end str = (render_all ? item.to_axml : item.to_axml_id) output << str.split(/\n/).map {|l| " "+l}.join("\n") + "\n" end output << "</collection>\n" render :text => output, :content_type => "text/xml" end -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.