![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Up to [Local Repository] / interchange / lib / Vend
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
lines attribute added to [nitems] to show the number of lines in the shopping cart instead of the sum of the items (#225).
Support "secure cookies", which are sent only over SSL connections. Use [set-cookie ... secure=1] to enable. This is from a patch by Frederic Steinfels <fst@highdefinition.ch> from 2006-05-19, which fell between the cracks. Thanks, Frederic!
Allow rounding of negative numbers by round_to_frac_digits routine.
Various minor UTF-8 changes.
Correct attribution of &Vend::CharSet::display_chars (which is from
perluniintro manpage).
Enable localization of an error string.
Match content type more tightly in 2 spots ("text" is only trustworthy
in the MIME major type, not minor, and even that may be a stretch).
Simplify request method matching in a few places for readability and a
(trivial) performance benefit.
Use conventional $c lexical instead of $g for catalog hashref.
Fix tab/space differences to match context.
Update copyrights of files changed in 2008.
* Committing Sonny Cook's UTF-8 patches, along with a fix for the
PreFork issue caused by the patches. Thanks, Sonny!
* From Sonny's original article on interchange-core:
There are two variables that will need to be added to your
catalog.cfg: MV_HTTP_CHARSET and MV_UTF8. They should be set
like so:
Variable MV_HTTP_CHARSET UTF-8
Variable MV_UTF8 1
The MV_UTF8 variable tells the system that we are using UTF-8
for stuff internally when that needs to be specified. Perl mostly
does the right thing wrt UTF-8, but when we need to explicitly
specify for one of a handful of reasons, this variable lets us
configure that.
The MV_HTTP_CHARSET specifies which character set that the web
pages are going to be encoded with. UTF-8 is the only value that
has been tested at the moment, although it probably generalises
to whatever you would like to use.
Communication with the database introduces three database
directives. These are required to ensure that data is properly
communicated with the database:
PG_ENABLE_UTF8
MYSQL_ENABLE_UTF8
GDBM_ENABLE_UTF8
These can be set on a table by table basis or with DatabaseDefault.
You will probably want to set the one for the sql database you are
using and one for GDBM, like so:
DatabaseDefault PG_ENABLE_UTF8 1
DatabaseDefault GDBM_ENABLE_UTF8 1
You will need to make sure that your database is encoded in UTF-8
and that all of your data is encoded that way as well.
Enabling UTF-8 should not cause any problems if your data is all in
US-ASCII, but might cause problems if other encodings are involved.
* Note: This commit is missing the latest safeuntrap/reval/safetrap
code, which should be added ASAP. In the meantime, the following
works in the interchange.cfg file (with Perl 5.8.8):
SafeUntrap rand require caller dofile print
* Fix bug in regex for auto_format anchor handling.
* Fix bug in regex for auto_format anchor handling.
* Added a backtrace() subroute that I find useful every now and again.
* I'm not sure what en_UK is, or even what the list is for, but I'm
sure that en_GB needs to be in there. Someone please remove en_UK
if it's bogus.
* This was such a short patch that I didn't bother to test it.
That'll teach me, as I now find myself posting a second correction
for my two-line patch.
* Fixed a copy/paste error in my last commit.
* Aboid problems arrising from an undefined TemplateDir.
* Updated the previous commit to use a "return" statement, rather
than just "undef", as suggested by Jon Jensen.
* ::logDebug() shouldn't return anything at all. This patch should
help avoid any future debug-related "gotchas".
* Fix improper change from double to single quoting in escape string.
This patch makes the following changes to sessions per IP limit protection:
* There are now seperate settings for the amount of time allowed to trigger a
lockout and the amount of time a lockout lasts for.
* Lockouts are now triggered based on new sessions per time limit, which is
different from the old critera of new sessions between pauses of length
time. This means that if RobotLimit is set to 100 and the other
settings were left at thier defaults then a 24 hour lockout would be
triggered if a given IP address had 100 new sessions in any given 60
minute time period.
Settings used by this patch:
RobotLimit: Used to determine the number of new sessions required to trigger a
lockout. Default is 0 which disables this feature alltogether.
Limit robot_expire: Used to determine the amount of time a lockout will last
in days once triggered. Can be less than 1, for example 0.04 is
slightly less than an hour. Default is 1.
Limit ip_session_expire: Used to determine the length of time in minutes for
RobotLimit sessions to build up in the counter file and trigger a
lockout. Default is 60 (1 hour). This can also be set to fractional
numbers, for example 0.5 will allow 30 seconds.
Also make note of the following:
* When first implementing you should delete all the old counters with:
rm -rf catroot/tmp/addr_ctr/*
...be careful with the above command, if mistyped it can seriously mess up
your filesystem.
* Shell command to view the contents of one of the binary new counter files:
perl -e 'binmode STDIN;' -e '$/=undef;' -e '$_ = <STDIN>;' \
-e 's/(.{4})/localtime(unpack("N",$1))."\n"/seg;' \
-e 'print;' < 0_0_0_0
...where 0_0_0_0 is the filename of the binary counter. The command will
show you a list of timestamps in human readable form.
stop mangling of UTF-8 characters (#58)
* Remove inefficient tests for template tags, setting the whole debug info array except for the caller() ones.
* Add a couple of new features in debug. (I had originally been waiting to
do this in my "big debug/logging update", but that never happened.)
* DebugTemplate, a global directive, gives the ability to change the format
of debug messages. You have the ability to add the following:
- Any %H %M %S tags are interpreted as POSIX::strftime() markers. %% for
a percent sign, of course.
- {CALLER0}..{CALLER9} gives the member of the caller() list.
- {CATALOG} gives the current catalog name.
- {HOST} gives the host (or IP address).
- {MESSAGE} is the marker to show the actual debug message.
- {PAGE} gives the current $Global::Varialble->{MV_PAGE}
- {REMOTE_ADDR} gives the IP address.
- {TAG} gives the current tag name in Vend::Parse
* DebugHost, a catalog directive, allows you to turn on debug only for
selected hosts. It accepts a list of IP address ranges, i.e.:
DebugHost 10.1.1.0/24 12.176.97.0/25
* The SpecialSub debug_qualify, if present, is run to determine whether
debug should be turned on. For instance the following:
Sub check_for_debug_cgi sub { return $CGI->{debug} }
SpecialSub debug_qualify check_for_debug_cgi
Would only turn on debug when debug=1 is in the URL/form. Obviously
there are chicken before egg issues when you are early in the dispatch
cycle, so be careful!
* To support DebugHost, added a parse_ip_address_regexp routine that
relies on Net::IP::Match::Regexp module. We might want to investigate
whether this one is fast enough so that we can replace $Global::RobotIP
regexes and such....I didn't worry about speed since this is just debug,
but the module is reputed to be pretty fast. Certainly it should be for
small lists.
New Free Software Foundation Address in headers of various files
New Free Software Foundation Address in headers of various files
preserve currency locale settings in a different repository set up at config time, fixes Debian bug #397750
* Allow "convert=0" to be passed to the [currency] tag to override the
the "locale" parameter's automatic conversion.
* Make sure the "convert" parameter is set correctly, even if the tag
is called from the recently modified [price] tag.
* If Net::SMTP failes to instantiate then the $smtp variable remains
undefined. This leads to bombshells such as "Can't call method "mail"
on an undefined value".
* Silently ignore invalid tables in the PageTables list. Could
be changed to noisily ignore them, if someone would prefer it to
do that.
* Fix problem where get_option_hash would return the reference itself when passed one. We need to return a copy so that we can be assured we won't modify a configuration value improperly. Since the user is asking for an option hash from a possible string, they should not ever need or want the exact same reference back. Most of the work done by Bruno Cantieni.
* Fix problem where get_option_hash would return the reference itself when passed one. We need to return a copy so that we can be assured we won't modify a configuration value improperly. Since the user is asking for an option hash from a possible string, they should not ever need or want the exact same reference back. Most of the work done by Bruno Cantieni.
* Remove all cases of "split //", which if modified could conceivably conflict with new // operator in Perl 5.10 (though that would be unlikely).
* Allow limiting of size of logData error message. Limit logdata_error_length 80
fix weird error with missing frac digits in UI typically caused by missing locale in Debian installations, reported by Michael Hess on IRC (among others)
Apply Mike's patch: Add display option to [item-price] and [item subtotal]
* When display="text", make sure that the currency text is always
displayed before the price value. The p_cs_precedes value doesn't
apply to the int_currency_symbol.
* Make sure that the currency text is separated from the price value,
just in case the administrator uses something like "GBP", instead
of "GBP ", in the int_currency_symbol.
Added a feature to the currency tag in order to display textual representation of the currency symbol. The so called international currency symbol according to the ISO 4217 standard. Usage: 1. Add int_currency_symbol entry to the locale table. 2. Add the display option to tags, like: [total-cost display=text] Valid values for the display option: - text Displays 'EUR ', 'GBP ', 'USD ' (EUR 125.40) - none No symbol, displays formatted number only. (125.40) - symbol Default behavior (same as calling the tag without display option)
* Actually change the currency keys in Locale when doing a currency locale change.
* Prevent Interchange from tripping the DATE_SPAMWARE_Y2K (Date header uses unusual Y2K formatting) SpamAssassin rule with every email it sends.
* Prevent Interchange from tripping the DATE_SPAMWARE_Y2K (Date header uses unusual Y2K formatting) SpamAssassin rule with every email it sends.
Big copyright and version number update to prepare for 5.3.2 release.
Add new email interception feature. This allows a developer to set a global or catalog variable MV_EMAIL_INTERCEPT, which causes all outgoing email to be rerouted to that email address. This makes it much easier to do development with functions that involve email because real end-user email addresses can be used but the developer will receive the mail. Headers in the form X-Intercepted-To: etc. are added to show what the original destination of the mail was, and the interception is also noted in the catalog error log.
* Add new support routines used in under-development content management and form routines.
* Implement new AccumulateCode and TagRepository directives. The rationale
is:
-- There is a huge base of Interchange code, much of which is not
needed in even the standard catalog with full UI. This causes a
larger memory profile than necessary.
-- It is difficult to determine from the page code what code is
needed, especially when a [tag] can call a $Tag can call
a filter can call some sort of Action.
-- A feature is needed to allow building catalogs with a more
nearly optimal set of code than just "everything".
If AccumulateCode is no, operation is exactly as before. There have
been some code initialization changes and routine calling changes,
but the data structures are identical and no difference in operation
should be seen.
If you set AccumulateCode to "Yes" and specify a TagRepository that
contains all known UserTag, ActionMap, Filter, Widget, etc. etc.
code, Interchange starts accumulating and compiling these as
needed.
The code is sent to the master process for compilation and
incorporation, so that the next iteration of a page after HouseKeeping
seconds will find the code already compiled and ready to go.
It also copies the code file to the "code" (actually $Global::TagDir)
directory in the "Accumulated" subdirectory tree. When you restart
Interchange, these tags/filters/widgets/checks are read normally
and need not be recompiled on the fly.
Over time, as you access pages and routines, a full set of tags
will be developed and you can turn AccumulateCode to "No".
* There can be failures due to calling a $Tag from within embedded
Perl for the first time, particularly when it uses a MapRoutine or
calls another $Tag within. This is due to Safe, and there is probably
not much to be done about it. The good news is that the error should
go away after HouseKeeping seconds when the tag gets compiled by the
master.
This could be avoided in the case of an AllowGlobal catalog, and it
might be possible to make a directive that turns on AllowGlobal only
when in AccumulateCode mode.
The area, tmp, tmpn, and image tags are known to fail in this
way in the standard catalog. Tags that are frequently called
in this fashion should probably be placed in a "code/Vital"
directory and not be accumulated.
* This is only recommended for development -- it might
be possible to remove a tag/filter/etc. from the master
and recompile these on the fly, but I haven't looked at that
yet.
Another nice feature is that you can easily add a tag simply
by adding its code to the TagRepository and having it
compiled.
* WARNING: Nice features are often dangerous! Don't run this in
production -- you have been warned!
* WARNING: OrderCheck is not yet implemented, and a full audit has
not been done on all compiled code directives.
* WARNING: Not fully tested in Prefork mode, and really not intended for
that mode.
* WARNING: Including multiple tags in a file may have unpredictable
behavior. You should try to keep related Alias and tag things in
the same file.
* This feature only applies to Global code -- Catalog-based code
shows no change.
* Passes the regression tests 100% when called with an empty "code"
directory, compiling every tested tag and executing without error.
* We had been running without warnings so long, we had gotten a bit sloppy
in our code in some places.
Because we do lots of uninitialized hash member stuff with arrays
of fields and $opt, it is basically unreasonable for us to run with
the "use of uninitialized variable" warnings. Because we do a fair
amount of numerical comparisons on empty string values, it seemed
unreasonable to run with "string value in numeric gt" enabled.
Also, because Safe, HTML::Entities, and some other modules have
these checks enabled, page code is bound to have warnings issued
no matter what you do.
It seems better to run with some warnings enabled so that we can
catch bad code practice.
So I have made the code run without warnings prior to and after
interpolate_html(), and turned off warnings by default in the
page code.
If it is desirable to turn on warnings for pages, you can use
[pragma perl_warnings_in_page] and see warnings for that page
(or by default if you put in catalog.cfg).
* In general these changes are:
no warnings qw(uninitialized numeric);
in most pages.
* Add $::Pragma->{perl_warnings_in_page}.
* Remove defined checks when simple set tests will do.
* Streamline some code.
* Allow finer-grained control of way strings are serialized by IC.
* Add Help capability to options generation. Uses Help member in CodeDef sections, and is automatically generated by codedef_options. * For use in widgets without that, you need to generate the options as a reference and use that. (I will think about a mechanism to allow that in metadata.) Illustration with previously generated options: [calc] %opts = ( ['foo', 'Foo', 'This is the Foo selection help'], ['bar', 'Bar', 'This is the Bar selection help'], ); return; [/calc] [display type=radio name=foobar options=`\%opts` ] <br> Or inline: [display type=select name=foobar options=`[ ['foo', 'Foo', 'This is the other Foo selection help'], ['bar', 'Bar', 'This is the other Bar selection help'], ]` ]
* Add Stefan's suggested Visibility modification for CodeDef options.
By default the visibility is public.
It wants something like:
codedef:JavaScriptCheck
Will return all public Descriptions.
codedef:JavaScriptCheck:private -- return public and private.
codedef:JavaScriptCheck:private,admin -- return public,private,admin
If Visibility is "with Foo::Bar", it checks to see if $Foo::Bar::VERSION
is true and returns the option if it is.
* Create routine to automatically select Routine for certain type of
CodeDef. Currently there are many separate methods of doing that.
This one prefers local over global, and is called with:
codedef_routine($type, $name);
For instance, codedef_routine('OrderCheck', 'multistate') will
return $Vend::Cfg->{CodeDef}{OrderCheck}{multistate} if it exists,
otherwise returns $Global::CodeDef->{OrderCheck}{multistate}.
* Modify Form.pm to use this for JavaScriptCheck. More will be
added.
* Modify filters to add private Visibility for non-mainstream filters.
* Modify meta editor to use this.
Fix / simplify regexes.
Make date header RFC compliant.
Improvements to Net::SMTP email method: * Net:SMTP debug messages output to global debug file when in Interchange debug mode. * Stop double hello if MV_HELO is specified. * Fall back on SERVER_NAME if no MV_HELO is specified - much nicer than the Net::SMTP default of 'localhost.localdomain'. * Add in From address to mail header. * Add timestamp to mail header.
* Add ability to route certain error messages with either a $opt->{tag}
option call or by the string that the errmsg() routine is called
with.
Adds ErrorDestination directive. Example:
ErrorDestination "Attempt to order missing product code: %s" logs/missing_product.log
* Add ability to specify a different target file with logError, by
prepending an option hash:
logError({ file => 'other.log' }, "msg %s", $var);
* Make logOnce slightly more efficent (and more readable).
Back out unintentional commit
* FETCH when there was a conflicting session was returning wrong value.
Remove redundant AlwaysSecure check. Move match_security check to be grouped with another security check just for more logical grouping.
* Add PostURL, SecurePostURL, and ProcessPage directives. This allows
a different path for GET and POST requests (presuming you only post
with the [process] tag for the <form> action).
This allows Interchange to handle internal redirects and DirectoryIndex
requests via Apache transparently via reading the REDIRECT_* environment.
It should also allow internal redirects via other modules such as mod_perl.
The default for the [process ..] tag is the same as now, to use VendURL
or SecureVendURL as the default URL.
If you set up in Apache:
DirectoryIndex index.html /cgi-bin/foundation
<LocationMatch *\.html>
ErrorDocument 404 /cgi-bin/foundation
</LocationMatch>
In interchange.cfg:
AcceptRedirect Yes
In catalog.cfg:
VendURL http://www.foo.com/
SecureURL https://www.foo.com/
PostURL http://www.foo.com/cgi-bin/foundation
SecurePostURL https://www.foo.com/cgi-bin/foundation
ImageDir
DirectoryIndex index.html
DeliverImage yes
then a properly set up catalog (using [process href="[whatever]"]
on any form action that is a POST) will look just like a static
HTML site, and will deliver relative images and simple links
properly for a GET.
There should be no difference to normal operation of Interchange if
these changes are not made.
* Delivering images properly for a POST is a different story. There
needs to be some thought on this -- it could be that:
<head>
[calc]
my $method = $Tag->env('REQUEST_METHOD');
return unless $method =~ /post/i;
my $path = '@@MV_PAGE@@';
return unless $path =~ s,(.*)/.*,$1,;
return qq{<BASE HREF="$path">};
[/calc]
</head>
will handle most anything.
* Improve handling of
[page href="http://www.foo.com/bar.html"
form="
buz=baz
"]
It will now deliver the link you would expect:
http://www.foo.com/bar.html?buz=baz
* Add Status: and Content-Type: headers if we are the recipient of an internal redirect. * Remove references and tests on $Vend::InternalHTTP and $Vend::OnlyInternalHTTP, which are no longer wanted with the removal of the internal HTTP server.
* Don't add .html if the page reference is for a directory, avoids http://foo.com/cgi-bin/bar/directory/.html link.
Allow setting scratch mv_no_session which prevents mv_session_id and mv_pc from ever showing up in generated URLs, even when no cookies are present. Internally use vendUrl-native scratch -> opt system for no_count instead of a special case. No functionality change.
use DefaultLocale for [LC] if [scratch mv_locale] is empty
Move $opt empty hashref default up before first use of %$opt.
* Backport possible file security problem with code/SQL injection.
* Fix possible SQL/code injection vector
* Fix possible code/SQL injection vector.
* Add cheesy auto_format page/URL detection facility to try and tolerate user-built menus a bit better. In particular, this will recognize a non http: anchored absolute URL and will tolerate anchors in the page name. Called with auto-format=1 as a param.
* Allow return of page from readin (or readfile in locale mode) without the locale language substitutions done. This allows proper edits of pages.
* Set up error reporting to be able to catch database errors
and display in session, catalog error.log, or global error.log
1. Logging levels are on a per-table basis, with
defaults that can be set with DatabaseDefault:
DatabaseDefault LOG_ERROR_CATALOG 1
DatabaseDefault LOG_ERROR_SESSION 1
DatabaseDefault LOG_ERROR_GLOBAL 0
DatabaseDefault DIE_ERROR 0
2. Log errors to the catalog error.log by default.
Database inventory LOG_ERROR_CATALOG 0|1*
3. Log errors to the session always if an admin, and
controlled by configuration if not.
Database inventory LOG_ERROR_SESSION 0|1*
This has the effect of giving a big red error message when such
an event as failing to create a record occured. In most cases,
you would be able to use the <-Back button and fix the error
and resubmit.
The error tag is "table foo", where foo is the table.
4. Die at the page level (500 error) only if that is explicit
request in config for that table:
Database inventory DIE_ERROR 0*|1
5. Log errors globally only on explicit request:
Database inventory LOG_ERROR_GLOBAL 0*|1
6. LENGTH_EXCEPTION errors go into warnings if they are handled
with truncate.
* default
* Fix numeric sorting in SQL statements if a field is NUMERIC.
* Allow limits from SQL statement to flow through even if ml="" is set
and let direct_sql.html admin page honor them.
* Fix table names so that we don't have the funky .txt problems
where a SQL query would not work on a DBM database unless
the file name base matched the table name.
* Attempt to regularize error messages so that they can be
more easily translated. Now should have about 50% less
variations.
Handling the anchor option in the area and page tags was being handled in 2 places vendUrl and in tag_area. Removed handling code from tag_area and fixed code in vendUrl.
Various minor cleanup, prevents warnings on startup.
* Remove extra meta_record routine and change references to
UI::Primitive::meta_record to Vend::Table::Editor::meta_record.
* Delete {Source} value from $Vend::Cfg to save memory.
* Remove unused stub Vend::Data::dbref.
* Change Vend::Util::dbref to be a simple pointer to
Vend::Data::database_exists_ref. Remove extra "my $loc".
* Remove improperly exported parse_locale routine from Vend::Util.
(Another parse_locale in Vend::Config, and all calls in the code
contain package reference.)
* Update dont_warn() routine to only include need variables/handles.
* Remove "prime" of sort routine in Vend::Search no longer necessary
now that Perl 5.005 is not supported.
The great copyright, email address, URL, and version update.
removed code for static page generation
don't use NoCache directive any longer
* Add new Vend::File module with minimal functions. * Relocate following routines (and their subsidiaries) from Vend::Util: canonpath catdir catfile exists_filename file_modification_time file_name_is_absolute get_filename lockfile path readfile readfile_db set_lock_type unlockfile writefile Added stubs so that package-based calls to those routines will not break software. * Added CatalogUser directive that allows setting in interchange.cfg of allowed username that is used for access to absolute-path names. CatalogUser foundation joe CatalogUser reports jane This sets the user for allowed_file() for further read/write checks based on username. * Created allowed_file() routine and replaced all current inline checks for NoAbsolute with call to that routine. It behaves as: NoAbsolute is No: all files are accessible, always Allowed for read/write: Path name is relative with no .. Path name is absolute but in the catalog directory Path name is absolute but in a TemplateDir Allowed for read: CatalogUser set to a valid username and file is readable by that user CatalogUser set to a valid username and file is readable by a group containing that user Allowed for write: CatalogUser set to a valid username and file is writable by that user CatalogUser set to a valid username and file is writable by a group containing that user * Changed display_special_page so that special page entries with ../ will not break things. * TODO: -- Code read for open() calls. -- Code read for chmod() calls. -- Code read for unlink() calls. * Passes all regression tests; takes an order on foundation; runs UI including file navigator.
* Add absolute_or_relative() routine to check whether a file name is either absolute or contains a ../ component. This is a stopgap routine only -- it is quite likely that we should do something a bit more useful for checking file security. For instance, there are many cases where we check for NoAbsolute and then do varied check routines. I guess it would make sense to have that just be one call to a subroutine. The reason it was done that way originally was to prevent unnecessary subroutine call overhead, as the original default for NoAbsolute was unset, but now that the default is "Yes" it would be better to do it. Improvements in Perl and processor speed have made subroutine overhead a smaller problem in non-looping situations like this.
removed usage of $Vend::Cfg->{ExtraSecure} which contradicts documentation
fixed auto_create_dir feature
* Fix small technical error pointed out by Jon.
* Fix round_to_frac_digits() so it handles numbers that don't have a pre-existing decimal point.
removed bogus require on ancient Perl version
let unhexify mangle only representations of hex chars problem by reported Ton, edition of locale records with %s in keys didn't work
* Minor: avoid warning.
updated LINUXIA branch to 4.9 sources in order to use it as testbed again
Update copyright dates.
Merge from trunk: * Fix bug where bad [nitems compare=...] could cause server error. Now just silently causes bad compare -- perhaps I should add logging?
* Automatically convert via PriceDivide if locale=xx_XX sent to [currency ...], [salestax ...], [total-cost], etc.
* The [setlocale currency=xx_XX] tag was destructive. This fixes it.
* Fix link generation options so that $opt->{no_session_id} and
$Scratch->{mv_no_session_id} work as they should.
* Make sure unwanted form params don't show up when using form=auto.
* Make no_session_id and no_count options authoritative for the page and area tags. * Export yet more routines.
* Allow delete of empty hash items in serial field setting.
* Removed the previous Vend::Util::readin() patch and now perform specific checks before the three calls that were cause for concern.
* Various patches to plug NoAbsolute-related security bugs when reading files. * If readfile()'s second parameter can be safely removed then this can be done in a later commit; I've left it alone for now.
Sweeping update of Akopia/Red Hat references, to prepare for 4.8 release with current Interchange URLs and contact information.
* Fix bug where bad [nitems compare=...] could cause server error. Now just silently causes bad compare -- perhaps I should add logging?
use parse_locale function to avoid code duplication
* Minor correction to *really* enable 'no_count' (per prior commit) * && -> and (for readability and consistency with code block)
* Change URL generation to streamline and bring one generation routine
for form_link, tag_page, tag_area.
-- form_link() stuff now done in tag_area and Vend::Util::vendURL,
aliased to tag_area
-- tag_page() calls tag_area to get URL
-- [order ..] also calls tag_area
-- Add three options to page/area/order:
no_session eliminates mv_session_id and mv_pc always
link_relative links relative to current page
match_security generates http:// on http:// page and
https:// on https:// page
-- Allow override of Scratch url format options
option Scratch
--------------- -----------------
no_session_id mv_no_session_id
no_count mv_no_count
add_dot_html mv_add_dot_html
add_source mv_add_source
* Make static page generation work again
-- Change call to Vend::SearchObject to proper $::Instance->{SearchObject}
-- check arguments for flypage (will probably need to remove flylist)
-- unhexify() the scan path
* Change auto_wizard tag to use new [table-editor] tag, remove abortive
[table-editor-tpl].
* Passes all regression tests, fully builds standard Foundation static
* Move most all code out of bin/interchange. The only routines that remain are: dontwarn version usage catch_warnings parse_options main_loop Once the initial startup for Interchange is done, this code is completely out of the picture. * Create new Vend::Dispatch module which contains the bulk of the code removed from bin/interchange. * Move the important update_data() subroutine to Vend::Data. * Move the session-related routines to Vend::Session. * Move the order-related routines do_order() and update_quantity() to Vend::Order. * Change many ::uneval() calls to plain uneval() or Vend::Util::uneval(). * Remove various unused tags and routines....
* Revamp of content edit. I think it is starting to get there..... * "Edit page", "Edit menu", even "edit component" links are inserted when you are logged in as admin. * Complete cleanup of page/template/component parsing code, now perhaps someone besides me could understand it. 8-) * File navigator only now used for pages, not for templates/components, retains context. * Hooks are there for doing an entire edit session then pushing new content all at once. Theoreticially, you could create an entire new site, browse it and test it without the public seeing it, and then push one button to publish it all. I say theoretically because I haven't done it yet, but it should be there soon. * Preview now holds true for browsing catalog. * Now can create and edit pages that have no template wrapper. * Closed all Bugzillas relating to it. -- New pages not creating properly -- Unable to edit in subdirectories -- Templates not written properly * TODO: -- Allow alternate DSN for staging database tables. -- Document this puppy, finally. -- Change templates so that left-side/right-side components interchange, and so that most class=content components can go vertical. -- Vet the new [menu][/menu] component so that left-hand side menu can be directory/location sensitive. -- Build in the "use the index.html page in the current directory as the template" functionality.
* Add mv_source parameter which sets an affiliate program source
and can be carried around in URLs when $Scratch->{mv_add_source}
is set. This solves the problem of AOL caching the page with
the source embedded, then forwarding the next request sans source.
From a suggestion by Dan <ic@concolor.org>.
* A number of minor changes related to continuing work on content
editing features.
-- Change Vend::Interpolate::form_link() to escape the HREF properly.
Thanks to Kevin's good eye.
-- Back out misguided patch to [history-scan] battling above.
-- Change Vend::Util::escape_chars_url() to do nothing if
no changes are needed. This may be stupid, but then again
almost everything I have ever done WRT escaping seems stupid
in retrospect. 8-)
-- Add function to [process] where you can specify a download
name, so that a piece of content delivered by download will
have the right name/extension.
-- Fix call to /icons/ image in menu_editor, add proper image.
-- Add [jsqn] tag, which quotes for JavaScript without variable
interpolation.
* Add "Edit in Browser" function for page editor, allowing you to
download the page, edit in Mozilla et al, and then upload it
back up.
* Remove dependencies on '&' as the UrlSepChar. * Enhance form_link to accept pre-formatted strings.
Revert a change, at least for 4.9.1 release.