Home > Notify Lists > View Past Messages > Message 1040246545


Date: Wed, 18 Dec 2002 21:20:00 -0000
From: "FDSE Update Notification" <notify@xav.com>
X-Abuse-To: abuse@nickname.net
Subject: Fluid Dynamics Search Engine update - version 2.0.0.0060

Hello,

The Fluid Dynamics Search Engine was updated to version 2.0.0.0060 on
December 11, 2002.  This new version has been posted on the site for
the last week, and there have been no problems reported.

There have been dozens of code changes since the last announcement in
June.  All changes are documented on the "changes" page.  Major
improvements include:

 *  An XSS security hole has been patched.  This hole allowed HTML to be
    passed to the script and returned without being escaped.  To see if
    your version is vulnerable, visit it using the parameters:

    search/search.pl?Terms=test&Match="><h1>Fix me</h1>

    Note that this bug only appears when there are multiple pages of
    search results.

 *  Added "substring search" feature. Allows keyword "eat" to match
    "beating" and "neat"; see:
    http://www.xav.com/scripts/search/help/1172.html

 *  Changed templates to meet US government Section 508 standards on
    accessibility; see:
    http://www.xav.com/scripts/search/help/1164.html

 *  Administrator can now display a "most popular searches" list on the
    output pages.  Thanks to Ian Dobson for the code; see:
    http://www.xav.com/scripts/search/help/1154.html

 *  A new Arabic translation has been contributed.  Updates to the
    German, Italian, Norwegian, and Dutch translations have been
    contributed.

 *  Fixed several bugs in the code.  Added dozens of new help files, and
    added links to the help files from the error messages and interface
    pages.

The product is available from:
    http://www.xav.com/scripts/search/

For information on how to upgrade, see:
http://www.xav.com/scripts/search/help/1036.html

Thanks,
Zoltan Milosevic

--

To stop receiving email, please visit:
    http://www.xav.com/notify/?s=genesis&remove=notify@xav.com