From c4e5664bb531e0b0a2ccf95e90e0b6d08ff8f9f7 Mon Sep 17 00:00:00 2001
From: "Bradley M. Kuhn"
Date: Wed, 23 Sep 2020 16:45:01 -0700
Subject: [PATCH] Be exceedingly less strict on the question format. This may ultimately be a security problem; I wanted to filter the question for only characters that are valid in bean-query, and at some point, the right move is to look up what characters in the bean-query parser that are allowed. However, I kept running into problems of finding new characters and this was an easier hack.
---
 bean-query-goofy-daemon.plx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bean-query-goofy-daemon.plx b/bean-query-goofy-daemon.plx
index f2fa73f..b1e8593 100755
--- a/bean-query-goofy-daemon.plx
+++ b/bean-query-goofy-daemon.plx
@@ -184,7 +184,8 @@ while (1) {
 print STDERR "sleep for 2 seconds\n" if $VERBOSE > 5;
 sleep 2;
 next;
- } elsif ($query{question} !~ /^[\,\=\~\-\@\w.\s\"\'\_\(\)\<\>\*\.\!]+$/) {
+# } elsif ($query{question} !~ /^[\,\=\~\-\@\w.\s\"\'\_\(\)\<\>\*\.\!\^\:\$\|]+$/) {
+ } elsif ($query{question} !~ /^[\s\S]+$/) {
 print STDERR "Query string $query{question} looks suspicious, not running beancount query!\n";
 (tied %query)->shlock;
 $query{fifoName} = mktemp("REJECTED_beancount-query-fifo-this-file-does-not-exist_${$}_XXXXXXXXX");
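Review bot: The new test `$query{question} !~ /^[\s\S]+$/` is true only for an empty question, so the "looks suspicious" branch no longer filters anything and every character, including newlines, backticks, `;` and control characters, goes on to bean-query. How the question is handed to bean-query is outside this hunk (the `while (1)` body starts and ends beyond it); if it is interpolated into a shell command line or a piped `open`, relaxing the filter turns that call into a command-injection path, so it should use the list form or pass the query on stdin before this lands. Even with a shell-free invocation I would keep a minimal guard such as `} elsif ($query{question} !~ /\A[^\x00-\x08\x0A-\x1F\x7F]+\z/) {`, which accepts any printable text but rejects empty input, newlines and other control characters, and also stops an embedded newline from splitting the STDERR log line. The commented-out older pattern would be better replaced by a `# FIXME:` comment saying that character filtering is intentionally disabled and what invariant now protects the bean-query call.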