Up to [Local Repository] / interchange / lib / Vend
Keyword substitution: kv
Default branch: MAIN
Fail gracefully on bad searches (#164).
* Updated copyright headers to 2007 (closes bug #102)
* Added GPL and copyright headers to a few files that were missing them.
New Free Software Foundation Address in headers of various files
New Free Software Foundation Address in headers of various files
more verbose error message for missing special page
* Allow numerals in all but first position in unpack output areas.
* Allow numerals in all but first position in unpack output areas.
Big copyright and version number update to prepare for 5.3.2 release.
* Make some inroads against whitespace pollution in the named output model.
Create global variable MV_SUBJECT before interpolating special_page/* as a more secure alternative to [subject] pseudo-tag.
* SpecialSub -- directive to specify subroutines (catalog or global)
upon certain conditions, i.e. "missing".
When the routine is called, it should perform whatever action is
required. If it wants the catalog to continue with the default
action, i.e. the "missing" special page, it should return false.
If it returns true, and there is no second parameter of a page name
returned, it will be assumed all required action has
been taken and the default action will not be performed.
If it returns true, and a second parameter is returned, it
is the name of a page to display in lieu of the original one.
This allows
SpecialSub missing check_category
Sub check_category <<EOS
sub {
    my ($name) = @_;
    return unless $name =~ m{^[A-Z]};
    $name =~ s,_, ,g;
    my ($prod_group, $category) = split m{/}, $name;
    $CGI->{co} = 1;
    $CGI->{fi} = 'products';
    $CGI->{st} = 'db';
    $CGI->{sf} = join "\0", 'prod_group', 'category';
    $CGI->{op} = join "\0", 'eq', 'eq';
    $CGI->{se} = join "\0", $prod_group, $category;
    $CGI->{sp} = 'results';
    $CGI->{mv_todo} = 'search';
    $Tag->update('process');
    return (1, 'results');
}
EOS
You can also use a GlobalSub to perform actions not allowed in a catalog
subroutine.
* The Vend::Page module is modified to call a "missing" SpecialSub if
it exists. No other actions are currently handled.
added missing pieces from 5.0 to ensure that security fix really works
* Fix security hole where arbitrary variable contents can be displayed.
* Merge arbitrary variable display hole fix from trunk.
* Fix security hole which can expose arbitrary variable contents.
Move mv_nextpage fallback before security check. Clean up regexes and defaults.
* Add RedirectCache directive which allows redirected page requests to be set to mv_tmp_session then written to the target from which it was redirected. This allows a complete web site to be mirrored to static HTML as it is requested, accompanied with the proper setting of AcceptRedirect in Interchange and ErrorDocument in the Apache server.

  To use:

  * Set ErrorDocument 404 to the Interchange URL in Apache.
  * Set "AcceptRedirect Yes" in interchange.cfg.
  * Set "RedirectCache /var/www/html" in interchange.cfg (use your document root in place of /var/www/html).

  When a page http://yourdomain.tld/subdir/page.html is not found, Interchange gets a redirect which causes it to set mv_tmp_session=1. If Interchange doesn't find the page, then it returns "missing" and no writing is done. If IC does find the page, it is written to /var/www/html/subdir/page.html and the page will be found on next access.

  Exclude on HTTP server side can be done with permissions -- don't set it writable by IC daemon if you don't want it written.

  TODO: Improve permissions mask setting options, allow excludes from IC side, add NoClobber option.

* Fix problem where defining blank GlobalSub would kill *all* globalsubs.
* Allow an ActionMap, Autoload, or profile to generate a completely virtual page and avoid readin() of anything.
* New Usertag [capture-page] bringing back some of the static page
capabilities, designed to be called from Interchange jobs. The tag
is able to reproduce standard as well as search results pages:
[capture-page page=index file=static/index.html umask=022]
[loop list="Levels,Rulers,Squares"]
[capture-page page="[loop-code]" file="static/cats/[loop-code].html"
scan="fi=products/st=db/co=yes/sf=category/se=[loop-code]"
auto_create_dir=1]
[/loop]
Call tracking functions only if Vend::Track object exists. E.g. in jobs tracking isn't enabled. Disabling tracking with a configuration option might follow as well.
The great copyright, email address, URL, and version update.
* Add new Vend::File module with minimal functions.

* Relocate following routines (and their subsidiaries) from Vend::Util:

    canonpath
    catdir
    catfile
    exists_filename
    file_modification_time
    file_name_is_absolute
    get_filename
    lockfile
    path
    readfile
    readfile_db
    set_lock_type
    unlockfile
    writefile

  Added stubs so that package-based calls to those routines will not break software.

* Added CatalogUser directive that allows setting in interchange.cfg of allowed username that is used for access to absolute-path names.

    CatalogUser foundation joe
    CatalogUser reports jane

  This sets the user for allowed_file() for further read/write checks based on username.

* Created allowed_file() routine and replaced all current inline checks for NoAbsolute with call to that routine. It behaves as:

    NoAbsolute is No: all files are accessible, always

    Allowed for read/write:
      Path name is relative with no ..
      Path name is absolute but in the catalog directory
      Path name is absolute but in a TemplateDir

    Allowed for read:
      CatalogUser set to a valid username and file is readable by that user
      CatalogUser set to a valid username and file is readable by a group containing that user

    Allowed for write:
      CatalogUser set to a valid username and file is writable by that user
      CatalogUser set to a valid username and file is writable by a group containing that user

* Changed display_special_page so that special page entries with ../ will not break things.

* TODO:
  -- Code read for open() calls.
  -- Code read for chmod() calls.
  -- Code read for unlink() calls.

* Passes all regression tests; takes an order on foundation; runs UI including file navigator.
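The path rules listed for allowed_file() above, as an added Perl sketch (not Interchange's own code, and not part of the commit message). The %cfg hash, its directory paths, and the helper names under_dir and path_allowed are assumptions made for illustration; the CatalogUser ownership checks are left out, and unlike the list above the sketch also refuses .. in absolute paths, because File::Spec->canonpath does not collapse it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Hypothetical settings standing in for the catalog configuration (constructed).
my %cfg = (
    NoAbsolute  => 1,
    CatalogDir  => '/var/lib/interchange/foundation',
    TemplateDir => ['/usr/lib/interchange/share'],
);

# True if $path equals $dir or lies beneath it. Compared component by
# component so that .../foundation-old does not match .../foundation.
sub under_dir {
    my ($path, $dir) = @_;
    my @p = File::Spec->splitdir(File::Spec->canonpath($path));
    my @d = File::Spec->splitdir(File::Spec->canonpath($dir));
    return 0 if @p < @d;
    for my $i (0 .. $#d) {
        return 0 if $p[$i] ne $d[$i];
    }
    return 1;
}

# Path-based part of the policy only (assumption: the per-user and
# per-group CatalogUser checks would run after this returns false).
sub path_allowed {
    my ($path) = @_;
    return 1 unless $cfg{NoAbsolute};          # "NoAbsolute is No": everything
    my @parts = File::Spec->splitdir($path);
    return 0 if grep { $_ eq '..' } @parts;    # no traversal, relative or absolute
    return 1 unless File::Spec->file_name_is_absolute($path);
    for my $dir ($cfg{CatalogDir}, @{ $cfg{TemplateDir} }) {
        return 1 if under_dir($path, $dir);
    }
    return 0;
}

# Constructed sample paths, one per rule and per edge case.
for my $p (qw(
    pages/index.html
    ../../etc/passwd
    /var/lib/interchange/foundation/etc/report
    /var/lib/interchange/foundation-old/secret
    /var/lib/interchange/foundation/../../../etc/passwd
    /etc/passwd
)) {
    printf "%-55s %s\n", $p, path_allowed($p) ? 'allowed' : 'denied';
}
```

The check is purely lexical: a symlink inside the catalog directory that points elsewhere still passes it, so it does not replace file-system permissions on the daemon's user.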
updated LINUXIA branch to 4.9 sources in order to use it as testbed again
* Major changes to the Interchange output model and UI.
* There will be more commits for menu data.
UI
-------
* Zeald's redesign of the UI layout is almost fully implemented. There
are but a few pages that don't incorporate the new layout.
* Each page can have an entry in mv_metadata, which allows setting
of page titles, display types, menus, and more via database setting.
An editor is provided.
* Virtual UI pages are fully supported. This will allow catalog-specific
UI settings to be transmitted to a catalog with simple database updates.
Each page is simply an entry in mv_metadata.
* The second-level menu can be set either with the page class, as before,
or in the page metadata with $Scratch->{second_menu}.
* There is a third-level menu callable via $Scratch->{third_menu}. There
are few situations where the old "next_line" menu setting causes the
third-level menu -- old menu files should be compatible but where possible
the third-level menu is explicitly specified.
* [table-editor] and [tabbed-display] can now do tabs to the third-level
menus. This provides a very seamless tabbed display that does not
require a page access to change.
* Many changes made to pages to map output to the new template.
* New GPG encryption wizard to make setting up of encryption as close
to painless as I can make it.
* Change to menu editor to incorporate better menu loading.
* New merge_metadata function allows management of new metadata when
updating the UI.
* Many, many minor changes and visual improvements.
* A good deal of documentation about the metadata and table editor
has been written, and those items should be committed soon. Many
of the features are covered.
Core
-----
* Output of the parser is now sent to @Vend::Output, which allows remapping
of the parser output before output by the Server module.
There should be no difference in behavior by default.
Each piece of output is pushed onto an array, and pointers
are maintained as to the name of the output. The default if
the output is not remapped is to go to the $Vend::OutputMap{''} space.
When output is done in non-mapped mode, @Vend::Output is simply
joined and sent.
The behavior difference comes if you use the Vend::Page::output_cat
routine. It will output the value of a named space.
You can map output with the ITL tag:
[output-to name=foo]
To return to the default space, you use:
[output-to name=""]
To return to the *previous* named space, use:
[output-to]
That is not normally what is wanted, though.
All of the above allows you to map pieces of a page to different named
spaces and unpack them with the [unpack] tag.
This is all perhaps easier illustrated than described -- the illustration
is in the changes to the UI, which map output from the page code to the
template.
Sweeping update of Akopia/Red Hat references, to prepare for 4.8 release with current Interchange URLs and contact information.
* init_page routine was running multiple times and possibly even before a page is selected (if Autoload or action called interpolate_html). Modify to run only on the first interpolate_html after the display_page routine is called.
* Add the oft-requested DirectoryIndex feature.
Update Andrew Wilcox's email address at his request.
Update Andrew Wilcox's email address at his request.
Big copyright date update. This will be the last time that Red Hat copyright notices get updated en masse, since the bulk of new code will very likely come from non-Red Hat employees.
* Fired what I think is a major blow in the ongoing escaping problems. Set up an ESCAPE_CHARS::std variable which encodes everything HTML::Entities normally does plus [. This should be used almost exclusively for encoding.
* Fix encoding in most places it is done.
* Fix a couple of default/override bugs in Vend/Form.pm at the same time.
* Add a "admin/test_code.html" page for testing short snippets of ITL without having to create a test page.
* Make the table populator JavaScript honor the db tables the particular admin user is supposed to see.
Update version number and copyright year, to prepare for the eventual day when we release version 4.8.4.
* Totally disallow scripting start chars (< and [) in page names.
* Totally disallow scripting start chars (< and [) in page names.
* Security fix for remote script execution exploit.
* Minor potential bug fixed.
* Security fix for remote script execution exploit.
* Minor potential bug fixed.
* Minor, minor change for safer setting of variable from match.
* Optional for 4.8 tree.
Upping major version number after trunk/branch switch.
Move DEV_4_7_0 development branch to repository trunk.
* Change fly-page and fly-list so variables don't get parsed twice, but still get parsed before flypage substitutions. Add opt variable to call for control; could be used in future for other purposes.
* Fix [fly-list] tag so that the options work; previously they never would have.
Update copyright notices and email addresses. Standardize module headers and remove a few shebang lines.
* Added Tie::ShadowHash to list of carried modules. We should add
to Bundle::Interchange, but it hasn't changed for 3 years and the
version we carry about should be OK. Using the "extra" method of
distribution.
* Cleanup of Vend::Server and scripts/interchange.PL (along with
some other modules) to move IC closer to being thread-safe for
server execution. This should make it fairly reasonable to
start testing with the PreFork mode, which is pretty
worthwhile.
WARNING: This is a dangerous change. I have messed with the state of
the global variables, and it is not at all inconceivable this will
need to be backed out as a show-stopper is found. If you are relying
on the code to any degree, I suggest you wait a while before making
this update.
Standard low traffic mode,
MaxServers 5
% /h/cgi-bin/nph-bench
Doing 1 times, pages=blank, concurrency=-n 50 -c 5.
BEGIN round 1
gfound blank: Requests per second: 5.13
mfound blank: Requests per second: 4.80
pfound blank: Requests per second: 4.80
END round 1
RPC mode
PreFork Yes
StartServers 5
MaxRequestsPerChild 100
Doing 1 2 3 times, pages=blank, concurrency=-n 50 -c 5.
BEGIN round 1
gfound blank: Requests per second: 37.94
mfound blank: Requests per second: 38.88
pfound blank: Requests per second: 35.69
END round 1
BEGIN round 2
gfound blank: Requests per second: 36.10
mfound blank: Requests per second: 37.04
pfound blank: Requests per second: 21.21
END round 2
BEGIN round 3
gfound blank: Requests per second: 27.92
mfound blank: Requests per second: 34.84
pfound blank: Requests per second: 30.92
END round 3
gfound=DBM
mfound=MySQL
pfound=PostGres
Both are serving a page without ITL in it, which essentially measures
overhead introduced by the IC server. Some of the variance in the second is
due to having to re-fork servers once reaching MaxRequestsPerChild.
Here are some times for a page which has only
<XMP>
[query list=1 sql="select * from products"][sql-code] [sql-param description] [sql-price]
[/query]
</XMP>
Without prefork:
Doing 1 times, pages=dbtest, concurrency=-n 50 -c 5.
BEGIN round 1
gfound dbtest: Requests per second: 2.54
mfound dbtest: Requests per second: 2.46
pfound dbtest: Requests per second: 1.79
With prefork:
Doing 1 times, pages=dbtest, concurrency=-n 50 -c 5.
BEGIN round 1
gfound dbtest: Requests per second: 4.23
mfound dbtest: Requests per second: 4.36
pfound dbtest: Requests per second: 2.51
END round 1
All are measured on my 800MHz Athlon with IDE. Sessions are zeroed before
each run, and a new session is created every time.
Postgres is consistently slower than MySQL and GDBM in these cases. I
did the same query using Benchmark, and it is obvious the DB takes up
much of the time.
Fix display_special_page so it looks for a real file first, then a page via readin. Needs companion fix in Util.pm that allows readfile with no Locale.
Change CVS revision number parsing for 4-part version numbers. (Unimportant.)
* Remove unnecessary put_session things now that we have better
session locking.
Allow $VERSION setting to handle more than 2-part version numbers.
Whitespace changes (diff -b -B will report nothing)
stylistic changes
Server.pm
  minor whitespace changes (someone is using tabstops of 4 vs. 8)
  moved "use strict" to head of file.
  added "use" statements for Vend::Data, Vend::Error, Vend::Interpolate, Vend::Page, Vend::Session, Vend::Track & File::CounterFile
  s/::errmsg/errmsg/ (lines 693, 1123, 1180 ... I don't remember why .. I think something was complaining)
  s/::dispatch/dispatch/ (line 711 ... to reflect move)
  s/Vend::Util::copyref/::copyref/ (line 1227 ... to remove extra hash lookups)
  moved globals from interchange (%action, $H)
  moved subs from interchange (set_file_permissions, adjust_cgi, url_history, http, response, dispatch)
  (also performed s/::response/Vend::Server::response/ on interchange)

Misc/Static.pm
  s/::set_file_permissions/Vend::Server::set_file_permissions/ (line 221)

Document.pm
  s/::response/Vend::Server::response/ (line 39)

Error.pm
  added Content-type to redirect (line 55)
  s/::response/Vend::Server::response/ (lines 80 & 84)
  s/::http/Vend::Server::http/ (line 110)

Page.pm
  s/::response/Vend::Server::response/ (lines 65 & 97)

Parse.pm
  s/interpolate_html/Vend::Interpolate::interpolate_html/ (line 435 ... I was getting errors otherwise)
  s/::response/Vend::Server::response/ (lines 969 & 1281)
  added Content-type to redirect (lines 1091 & 1392)

Interpolate.pm
  s/::response/Vend::Server::response/ (line 433)
  !!!! I had to make these changes because stuff wouldn't work otherwise .... I don't know if this was autouse interfering or what .... I am not too pleased with this but couldn't get it to work otherwise .... any ideas? !!!!
  compressed 3473-3475 to 3473
  changed s::: to s!!! to put :: in replacement (lines 3392, 3393, 3472, 3473 & 3474)
  s/increment_field/Vend::Data::increment_field/ (line 680)
  s/set_field/Vend::Data::set_field/ (line 688)
  s/::database_exists_ref/Vend::Data::database_exists_ref/ (line 691)
  s/database_field/Vend::Data::database_field/ (lines 696 & 1034)
  s/product_field/Vend::Data::product_field/ (lines 1042, 1107, 1445, 3385, 3393, 3451 & 5004)
  s/database_exists_ref/Vend::Data::database_exists_ref/ (lines 2139 & 4888)
  s/product_description/Vend::Data::product_description/ (line 3392)
  s/product_price/Vend::Data::product_price/ (line 3396)
  s/item_subtotal/Vend::Data::item_subtotal/ (lines 3464, 3467, 3956 & 5141)
  s/item_field/Vend::Data::item_field/ (lines 3472 & 5140)
  s/item_description/Vend::Data::item_description/ (line 3473)
  s/item_price/Vend::Data::item_price/ (lines 3474, 3477 & 3482)
  s/product_code_exists_ref/Vend::Data::product_code_exists_ref/ (line 3852)
  s/db_column_exists/Vend::Data::db_column_exists/ (lines 3862 & 4889)
  s/database_field/Vend::Data::database_field/ (lines 3865 & 4895)
  s/column_exists/Vend::Data::column_exists/ (line 4901)
Added mv_more_id support.
Added multiple security fixes. Added beginnings of IPC to perl programs. Added Sub (catalog.cfg) link to [PREFIX-exec]. Added hs (head skip) option to [import ....] tag.
Changed Interchange name all over, minor exceptions being mvfaq.pod and mvrpm.pod. Changed copyright notice to Akopia.
Modified Files: lib/Vend/Interpolate.pm lib/Vend/Order.pm lib/Vend/Page.pm lib/Vend/Server.pm scripts/minivend.PL
Added Files: lib/Vend/Track.pm
Stefan Hornburg's start at traffic statistics. Thanks Stefan!
Initial import of changed Challenger with UI instead of Minimate.
Initial revision