Overview
Comment:Added conversion to s:session-var-get. WARNING: Need to use 'raw in many cases
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 445ea184aebf8989ce80fa16e16e89a6f0766a81
User & Date: matt on 2016-09-25 17:10:36
Other Links: manifest | tags
Context
2016-11-08
06:20
Merged crypt branch check-in: 0e2bee049a user: matt tags: trunk
2016-10-20
17:53
Replace external openssl call with "crypt" egg.

The OpenSSL call was using the old UNIX crypt DES password hashing, which is very weak. Crypt will default to a more sensible mechanism (Blowfish, but in the future could transparently switch).

Old passwords will continue to work, because the crypt egg detects DES salts and happily hashes them. When creating new passwords, they will be hashed using the modern algorithm.

The OpenSSL call passed the password to the shell, so an onlooker on the server could see it in plaintext. It also neglected to escape the password for the shell, resulting in a command injection vulnerability. check-in: 1b5a5d3a6e user: sjamaan tags: crypt

17:50
Create new branch named "crypt" Closed-Leaf check-in: 1241e8996c user: sjamaan tags: crypt
2016-09-25
17:10
Added conversion to s:session-var-get. WARNING: Need to use 'raw in many cases check-in: 445ea184ae user: matt tags: trunk
2016-09-24
07:07
Added recovery from bad form. but it is broken and I don't know why. Still seems rare ... check-in: 44c407806c user: matt tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Modified doc/howto.txt from [56cd7b3d4f] to [a12cd32804]. 

14
15
16
17
18
19
20

21
22
23
24
25
26
27

The URL:

http://the.domain.com/pagename/p1/p2/p3?param1=value1

(s:get-page-params) => '("p1" "p2")

(s:get-param 'param1) => "value1"


Create a link.
~~~~~~~~~~~~~~

(s:null "[" (s:a name 'href 
               (s:link-to (string-append "location/" (string-intersperse p "/") ""))) "] ")))









>








14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

The URL:

http://the.domain.com/pagename/p1/p2/p3?param1=value1

(s:get-page-params) => '("p1" "p2")

(s:get-param 'param1) => "value1"
(s:get-param 'param1 'number) => number or #f 

Create a link.
~~~~~~~~~~~~~~

(s:null "[" (s:a name 'href 
               (s:link-to (string-append "location/" (string-intersperse p "/") ""))) "] ")))


66
67
68
69
70
71
72

73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

91
92

93
94
95
96
97
98
99

;; use (s:get-param to get the 'id, or 'reply_to values


Get and set a session var
~~~~~~~~~~~~~~~~~~~~~~~~~

(s:session-var-get "keyname")

(s:session-var-set! "keyname" "value")

5.1 Page local vars

(s:set! key val)
(s:get key)


make a selection drop down
~~~~~~~~~~~~~~~~~~~~~~~~~~

In view.scm: 

(s:select '(("World" 0)("Country" 1)("State" 2)("Town/City" 3)) 'name 'scope)

In control.scm:

(let ((scope (s:get-input 'scope)))

  ....



Simple error reporting
~~~~~~~~~~~~~~~~~~~~~~

In control.scm:
(s:set-err "You must provide an email address")









>













|



|
>


>








67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

;; use (s:get-param to get the 'id, or 'reply_to values


Get and set a session var
~~~~~~~~~~~~~~~~~~~~~~~~~

(s:session-var-get "keyname")
(s:session-var-get "keyname" 'number) 
(s:session-var-set! "keyname" "value")

5.1 Page local vars

(s:set! key val)
(s:get key)


make a selection drop down
~~~~~~~~~~~~~~~~~~~~~~~~~~

In view.scm: 

(s:select '(("World" 0)("Country" 1)("State" 2 #t)("Town/City" 3)) 'name 'scope)

In control.scm:

(let ((scope     (s:get-input 'scope))
      (scope-num (s:get-input 'scope 'number))) ;; 'number, 'raw or 'escaped
  ....

The optional third entry sets that item as selected if true

Simple error reporting
~~~~~~~~~~~~~~~~~~~~~~

In control.scm:
(s:set-err "You must provide an email address")

Modified session.scm from [d1e5e81543] to [feaf3112af]. 

433
434
435
436
437
438
439
440
441
442

443
444
445
446
447
448
449

;; get session vars for the current page
;;
(define (session:page-get self key)
  (hash-table-ref/default (sdat-get-pagevars self) key #f))

;; get session vars for a specified page
;;
(define (session:get self page key)
  (let ((ht (session:get-page-hash self page)))
    (hash-table-ref/default ht (s:any->string key) #f)))


;; delete a session var for a specified page
;;
(define (session:del! self page key)
  (let ((ht (session:get-page-hash self page)))
    (hash-table-delete! ht (s:any->string key))))









|
|
|
>








433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450

;; get session vars for the current page
;;
(define (session:page-get self key)
  (hash-table-ref/default (sdat-get-pagevars self) key #f))

;; get session vars for a specified page
;;
(define (session:get self page key params)
  (let* ((ht  (session:get-page-hash self page))
	 (res (hash-table-ref/default ht (s:any->string key) #f)))
    (session:apply-type-preference res params)))

;; delete a session var for a specified page
;;
(define (session:del! self page key)
  (let ((ht (session:get-page-hash self page)))
    (hash-table-delete! ht (s:any->string key))))

Modified setup.scm from [77c57eae95] to [90e6633a2e]. 

64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79


(define (s:get-n-del! key)
  (let ((val (session:page-get s:session key)))
    (session:del! s:session key)
    val))

;; these are session wide
(define (s:session-var-get key) 
  (session:get s:session "*sessionvars*" key))

(define (s:session-var-set! key val)
  (session:set! s:session "*sessionvars*" key val))

(define (s:session-var-get-n-del! key)
  (let ((val (session:page-get s:session key)))
     (session:del! s:session "*sessionvars*" key)








|
|








64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79


(define (s:get-n-del! key)
  (let ((val (session:page-get s:session key)))
    (session:del! s:session key)
    val))

;; these are session wide
(define (s:session-var-get key . params) 
  (session:get s:session "*sessionvars*" key params))

(define (s:session-var-set! key val)
  (session:set! s:session "*sessionvars*" key val))

(define (s:session-var-get-n-del! key)
  (let ((val (session:page-get s:session key)))
     (session:del! s:session "*sessionvars*" key)