1 == Protect qtype CGI parameter ==
3 Malicious DoS attempts have been witnessed in the wild making use of
4 the fact that Evergreen does not check the contents of the qtype CGI
5 parameter. While these fail their intent, it would be better to
6 simply drop such searches on the floor when they're seen.
8 Evergreen will now confirm that the search class in the qtype parameter
9 is valid, and that the remainder of the value is structured correctly,
10 before processing the search request.
projects / evergreen-equinox.git / blob