search

Letractively / caudium

Automatically exported from code.google.com/p/caudium
1 stars 1 forks source link

Setting a cookie from an <insert>'ed file and other side effects #7

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?

1. set a cookie using the following code in a page called set_cookie.html:
<set_cookie name="foo" value="bar">

2. access set_cookie.html and check the cookie is set in the browser

3. remove the cookie from the browser

3. now, create a new page set_cookie_include.html with the following code:
<insert file="set_cookie.html">

4. Access set_cookie_include.html. The cookie is not set.

This should be because insert deals with a fake RequestID object and the cookie 
is not set in the 
real RequestID object.
I guess <insert> should have a bunch of side effects like this (feeding 
id->misc and such).

Original issue reported on code.google.com by bertrand.lupart on 8 Oct 2008 at 4:16

GoogleCodeExporter commented 8 years ago 
The reason insert file makes a copy of misc and variables is because those
are the two "writable" areas of the request, and the insert file literally
runs a request through the server to get the contents. For example, you
can insert a pike script and the result of running the script will be
called, not the contents of the file itself. For security
reasons, you wouldn't want a (potentially untrusted) inserted file to
write things back into the calling request.

I don't think that's the kind of thing we'd want to change in existing
code. It sounds like perhaps you need something a little different... do
you need to have the contents of a file parsed, or is being able to refer
to the file by its location in the virtual filesystem important? If not,
you could probably write a simple include tag module that just does a
read_file() and returns the content.

Original comment by Bill.Wel...@gmail.com on 15 Oct 2008 at 2:10

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
This is a no issue.

Short story:
For not suffering such kind of side effect, just insert a file whose extension 
is not parsed by your RXML parser, 
like <insert file="foo.txt">

Long story:
http://thread.gmane.org/gmane.comp.web.server.caudium.devel/677

Original comment by bertrand.lupart on 17 Oct 2008 at 7:57