CVS log for interchange/lib/Vend/File.pm

Up to [Local Repository] / interchange / lib / Vend

Request diff between arbitrary revisions

Keyword substitution: kv
Default branch: MAIN

Correct logic flaw that applied UTF-8 handling in some cases where it shouldn't have.

Fixed by David Christensen <david@endpoint.com>.

Correct logic flaw that applied UTF-8 handling in some cases where it shouldn't have.

Fixed by David Christensen <david@endpoint.com>.

Various minor UTF-8 changes.

Correct attribution of &Vend::CharSet::display_chars (which is from
perluniintro manpage).

Enable localization of an error string.

Match content type more tightly in 2 spots ("text" is only trustworthy
in the MIME major type, not minor, and even that may be a stretch).

Simplify request method matching in a few places for readability and a
(trivial) performance benefit.

Use conventional $c lexical instead of $g for catalog hashref.

Fix tab/space differences to match context.

Update copyrights of files changed in 2008.

    * Committing Sonny Cook's UTF-8 patches, along with a fix for the
      PreFork issue caused by the patches.  Thanks, Sonny!

    * From Sonny's original article on interchange-core:

	There are two variables that will need to be added to your
	catalog.cfg:  MV_HTTP_CHARSET and MV_UTF8.  They should be set
	like so:

	    Variable MV_HTTP_CHARSET UTF-8
	    Variable MV_UTF8         1

	The MV_UTF8 variable tells the system that we are using UTF-8
	for stuff internally when that needs to be specified.  Perl mostly
	does the right thing wrt UTF-8, but when we need to explicitly
	specify for one of a handful of reasons, this variable lets us
	configure that.

	The MV_HTTP_CHARSET specifies which character set that the web
	pages are going to be encoded with.  UTF-8 is the only value that
	has been tested at the moment, although it probably generalises
	to whatever you would like to use.

	Communication with the database introduces three database
	directives.  These are required to ensure that data is properly
	communicated with the database:

	    PG_ENABLE_UTF8
	    MYSQL_ENABLE_UTF8
	    GDBM_ENABLE_UTF8

	These can be set on a table by table basis or with DatabaseDefault.
	You will probably want to set the one for the sql database you are
	using and one for GDBM, like so:

	    DatabaseDefault PG_ENABLE_UTF8 1
	    DatabaseDefault GDBM_ENABLE_UTF8 1

	You will need to make sure that your database is encoded in UTF-8
	and that all of your data is encoded that way as well.

	Enabling UTF-8 should not cause any problems if your data is all in
	US-ASCII, but might cause problems if other encodings are involved.

    * Note: This commit is missing the latest safeuntrap/reval/safetrap
      code, which should be added ASAP.  In the meantime, the following
      works in the interchange.cfg file (with Perl 5.8.8):

	SafeUntrap  rand require caller dofile print

    * Allow [include] et. al. to scan the local TemplateDir as well as the
      global version.  I don't see any security issues.  As most users will
      reference the file directly, the extra directory scan overhead should
      not effect a lot of setups.

* Updated copyright headers to 2007 (closes bug #102)

* Added GPL and copyright headers to a few files that were missing them.

New Free Software Foundation Address in headers of various files

New Free Software Foundation Address in headers of various files

Add make_absolute_file routine. Kind of important since my commit of
Require PerlInclude yesterday depends on it.

* Add lockout to list of SpecialSub routines allowed.

* If user-configured lockout routine returns true, it replaces the
  current routine completely. If it returns false, the normal one
  is run as well.

* Move the logging out of Vend::Dispatch to the do_lockout routine, so
  that you can avoid the log entry if your user-configured routine handles
  the lockout.

* Make the number of seconds for robot reset adjustable from its
  current hardcoded 30:

  	Limit   lockout_reset_seconds

  Maybe that should be robot_reset_seconds, I don't know.

* Change use of $Vend::Cfg->{Limit}{member} to $::Limit->{member}. As
  Limit is used in iterative routines like chain_cost, this should
  improve performance.

Big copyright and version number update to prepare for 5.3.2 release.

* Remove dependency on UserTag having File::Copy use

* Remove dependency on a usertag containing "use File::Path".

* We had been running without warnings so long, we had gotten a bit sloppy
  in our code in some places.

  Because we do lots of uninitialized hash member stuff with arrays
  of fields and $opt, it is basically unreasonable for us to run with
  the "use of uninitialized variable" warnings. Because we do a fair
  amount of numerical comparisons on empty string values, it seemed
  unreasonable to run with "string value in numeric gt" enabled.

  Also, because Safe, HTML::Entities, and some other modules have
  these checks enabled, page code is bound to have warnings issued
  no matter what you do.

  It seems better to run with some warnings enabled so that we can
  catch bad code practice.

  So I have made the code run without warnings prior to and after
  interpolate_html(), and turned off warnings by default in the
  page code.

  If it is desirable to turn on warnings for pages, you can use
  [pragma perl_warnings_in_page] and see warnings for that page
  (or by default if you put in catalog.cfg).

* In general these changes are:

	 no warnings qw(uninitialized numeric);

  in most pages.

* Add $::Pragma->{perl_warnings_in_page}.

* Remove defined checks when simple set tests will do.

* Streamline some code.

* Prevent warning on uninitialized variable.

* Close minor hole where admin could request /usr/local/interchange/etc/../../../*
  for read.

* Add "permanent more" feature so that you can create pageable searches
  that are shared between people and are cacheable by search engines.

* To activate, put in search URL/form:

	pm=1  or  mv_more_permanent=1

* To activate in [query ...], use pm=1.

* Changes hashing to two levels so that it will handle larger sets of
  searches.

* Depends on consistent spacing of queries, caches query for
  mv_cache_key that determines location. The change of a single
  bit of whitespace will change the key!

* When your data changes, a saved search could be wrong when referenced
  from a bookmark/saved link and no initializing search has been done.

* WARNING: Could generate very large file sets, watch your inodes!

Make error message more specific.

Limit data part of Vend::File:writefile error message to 120 characters in
order to avoid disk abuse, resolve scalar references.

somehow mkpath stops the eval without leaving something in $@
in case of permissions problems - i suspect it's caused by the
croak invocation
verified with Perl 5.6.1

Various minor cleanup, prevents warnings on startup.

  * Remove extra meta_record routine and change references to
    UI::Primitive::meta_record to Vend::Table::Editor::meta_record.

  * Delete {Source} value from $Vend::Cfg to save memory.

  * Remove unused stub Vend::Data::dbref.

  * Change Vend::Util::dbref to be a simple pointer to
    Vend::Data::database_exists_ref. Remove extra "my $loc".

  * Remove improperly exported parse_locale routine from Vend::Util.
    (Another parse_locale in Vend::Config, and all calls in the code
     contain package reference.)

  * Update dont_warn() routine to only include need variables/handles.

  * Remove "prime" of sort routine in Vend::Search no longer necessary
    now that Perl 5.005 is not supported.

The great copyright, email address, URL, and version update.

new function Vend::File::log_file_violation to avoid code duplication

 * Allow read access for Vend::admin to $Global::RunDir. This allows
   reading the PID file and default location of access log.

 * Namespacing fix.

Real changes for previous comment

* Change calling target for subroutines to:

	$status = $sub->($actual_file, $FileControlPath, $write, @caller);

  This allows acl routines to check both the actual file being requested
  and the path being checked.

  So the original example is now:

	FileControl include/junk  <<EOR
	sub {
		my ($fn, $checkpath, $write, @caller) = @_;
		$fn =~ /foo/;
	}
	EOR

* Change these:

	>   # Check for $Scratch->{dealer} NOT set
	>   FileControl foo/bar ic_scratch_deny:dealer
	>
    >   # Check for $Session->{secure} NOT set
    >   FileControl foo/bar ic_session_deny:secure
    >

  To:

      # Check for $Scratch->{dealer} NOT set
      FileControl foo/bar ic_scratch:!dealer

      # Check for $Session->{secure} NOT set
      FileControl foo/bar ic_session:!secure

  Add:

      # Check for $Scratch->{dealer} eq "foo"
      FileControl foo/bar ic_scratch:dealer:foo

      # Check for $Scratch->{dealer} ne "foo"
      FileControl foo/bar ic_scratch:!dealer:foo

      # Check for $Session->{secure} eq "foo"
      FileControl foo/bar ic_session:secure:foo

      # Check for $Session->{secure} ne "foo"
      FileControl foo/bar ic_session:!secure:foo

* Add ability to pass permission for a directory from userdb.

    FileControl foo/bar/path ic_userdb

  Permission for either "foo/bar/path" or "foo/bar/path/filename" will
  allow access. If "foo/bar/path/filename" is set but not "r", then it will
  be denied even if "foo/bar/path" is allowed. In other words, a depth-first
  search is done both on the individual atom and the file itself.

  BUG:

      {
        'foo/bar/deep'              => 'rw',
        'foo/bar/deep/deeper'       => 'n',
        }

   will allow access to foo/bar/deep/deeper/somefile with

    FileControl  foo/bar/deep  ic_userdb

   In other words, all entries matching the parent path are
   not searched in the target ACL.

* Add some intrinsic FileControl checks.

	# Is a catalog superuser
    FileControl foo/bar ic_super

	# Is a catalog admin
	FileControl foo/bar ic_admin

	# Is logged in at all
	FileControl foo/bar ic_logged

	# Is logged in at userdb table of "userdb"
	FileControl foo/bar ic_logged:userdb

	# Is logged in at userdb table of "affiliate"
	FileControl foo/bar ic_logged:affiliate

	# Run check on userdb file_acl
	FileControl foo/bar ic_userdb

	# Run check on userdb file_acl
	FileControl foo/bar ic_userdb:file_acl

	# Run check on userdb db_acl
	FileControl foo/bar ic_userdb:db_acl

	# Check for $Scratch->{dealer} set
    FileControl foo/bar ic_scratch:dealer

	# Check for $Scratch->{dealer} NOT set
    FileControl foo/bar ic_scratch_deny:dealer

	# Check for $Session->{secure} set
    FileControl foo/bar ic_session:secure

	# Check for $Session->{secure} NOT set
    FileControl foo/bar ic_session_deny:secure

  These don't override the NoAbsolute checks.

* Created $Vend::File::errstr which is set to get the error message,
  otherwise defaults to the standard one.

* Add both global- and catalog-level FileControl directive that allows
  mapping subroutines (or named pre-existing subroutines) to a path.
  Does a depth-first search starting with the file name.

* In either interchange.cfg (takes priority) or catalog.cfg put:

	FileControl include/junk  <<EOR
	sub {
		my ($fn, $write, @caller) = @_;

		## Allow write to files containing "foo"
		if($write) {
			return $fn =~ /foo/;
		}

		## Allow read if file doesn't contain "bar"
		return $fn !~ /bar/;
	}
	EOR

* In either interchange.cfg (takes priority) or catalog.cfg put:

	FileControl  include/junk  some_sub

  This uses either Sub or GlobalSub

* Only in interchange.cfg, you can put a mapped routine name:

	FileControl  include/junk  Vend::SomeModule::file_control

* If no FileControl is not set, the checks are not done for performance
  reasons.

* TODO: Add standard UserDB methods.

Ugly workarourd for flock bug in Perl 5.8.0

* Add new Vend::File module with minimal functions.

* Relocate following routines (and their subsidiaries) from Vend::Util:

	canonpath
	catdir
	catfile
	exists_filename
	file_modification_time
	file_name_is_absolute
	get_filename
	lockfile
	path
	readfile
	readfile_db
	set_lock_type
	unlockfile
	writefile

  Added stubs so that package-based calls to those routines will not
  break software.

* Added CatalogUser directive that allows setting in interchange.cfg
  of allowed username that is used for access to absolute-path names.

  	CatalogUser  foundation  joe
  	CatalogUser  reports     jane

  This sets the user for allowed_file() for further read/write checks
  based on username.

* Created allowed_file() routine and replaced all current inline checks
  for NoAbsolute with call to that routine. It behaves as:

  NoAbsolute is No: all files are accessible, always

  Allowed for read/write:
  	Path name is relative with no ..
  	Path name is absolute but in the catalog directory
  	Path name is absolute but in a TemplateDir

  Allowed for read:
	CatalogUser set to a valid username and file is readable by that user
	CatalogUser set to a valid username and file is readable by a group
	 containing that user

  Allowed for write:
	CatalogUser set to a valid username and file is writable by that user
	CatalogUser set to a valid username and file is writable by a group
	 containing that user

* Changed display_special_page so that special page entries with ../
  will not break things.

* TODO:

	-- Code read for open() calls.
	-- Code read for chmod() calls.
	-- Code read for unlink() calls.

* Passes all regression tests; takes an order on foundation; runs UI including
  file navigator.