You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Vadim Gritsenko <va...@reverycodes.com> on 2005/05/18 02:56:14 UTC
Re: svn commit: r170589 - in /cocoon/branches/BRANCH_2_1_X/src/blocks/forms:
conf/ java/org/apache/cocoon/forms/formmodel/ java/org/apache/cocoon/forms/validation/impl/
ugo@apache.org wrote:
> + * A {@link Field} for CAPTCHA validation. Upon generation, a secret random string is stored
> + * in a session attribute having the same name as the field's ID, for use by a
> + * {@link org.apache.cocoon.forms.validation.impl.CaptchaValidator}.
> + Session session = ObjectModelHelper.getRequest(objectModel).getSession(true);
> + session.setAttribute(SESSION_ATTR_PREFIX + getId(), generateSecret());
Such session attribute name is not unique (two forms with similar widget id).
Why not use widget.set/getAttribute?
Vadim
Re: svn commit: r170589 - in /cocoon/branches/BRANCH_2_1_X/src/blocks/forms: conf/ java/org/apache/cocoon/forms/formmodel/ java/org/apache/cocoon/forms/validation/impl/
Posted by Ugo Cei <ug...@apache.org>.
Il giorno 18/mag/05, alle 17:13, Reinhard Poetz ha scritto:
> Ugo Cei wrote:
>
>> <fd:captcha length="8">
>> but I don't know how to get the value of that attribute from the
>> Widget class. Any hints?
>
> see FieldDefinitionBuilder; I haven't had a look at your
> implementation so far but as you introduced a new widget type you
> should have implemented a build class for it. There you should get the
> information you want.
Right on! It's implemented now.
Ugo
--
Ugo Cei
Tech Blog: http://agylen.com/
Source.zone: http://sourcezone.info/
Wine & Food Blog: http://www.divinocibo.it/
Re: svn commit: r170589 - in /cocoon/branches/BRANCH_2_1_X/src/blocks/forms:
conf/ java/org/apache/cocoon/forms/formmodel/ java/org/apache/cocoon/forms/validation/impl/
Posted by Reinhard Poetz <re...@apache.org>.
Ugo Cei wrote:
> <fd:captcha length="8">
>
> but I don't know how to get the value of that attribute from the Widget
> class. Any hints?
see FieldDefinitionBuilder; I haven't had a look at your implementation so far
but as you introduced a new widget type you should have implemented a build
class for it. There you should get the information you want.
--
Reinhard Pötz Independent Consultant, Trainer & (IT)-Coach
{Software Engineering, Open Source, Web Applications, Apache Cocoon}
web(log): http://www.poetz.cc
--------------------------------------------------------------------
Re: svn commit: r170589 - in /cocoon/branches/BRANCH_2_1_X/src/blocks/forms: conf/ java/org/apache/cocoon/forms/formmodel/ java/org/apache/cocoon/forms/validation/impl/
Posted by Ugo Cei <ug...@apache.org>.
Il giorno 18/mag/05, alle 15:54, Vadim Gritsenko ha scritto:
> One form on one page, another form on another page, navigating back to
> the older form does not change the value in session... Unique ID will
> fix it. Only one problem though :-) How the session will be cleaned
> up?
Interesting question. Since the widget only stores a seven-char string
in the session, maybe we shouldn't worry too much. Or we could remove
the attribute once the validation is performed, since it won't be
needed anymore. I'll try to come up with something.
>>> This will be safer, please do it :-)
>> I will do :-)
Done.
One question for the CForms gurus. I'd like to be able to specify the
length of the secret string in the field definition, using something
like:
<fd:captcha length="8">
but I don't know how to get the value of that attribute from the Widget
class. Any hints?
Ugo
--
Ugo Cei
Tech Blog: http://agylen.com/
Source.zone: http://sourcezone.info/
Wine & Food Blog: http://www.divinocibo.it/
Re: svn commit: r170589 - in /cocoon/branches/BRANCH_2_1_X/src/blocks/forms:
conf/ java/org/apache/cocoon/forms/formmodel/ java/org/apache/cocoon/forms/validation/impl/
Posted by Vadim Gritsenko <va...@reverycodes.com>.
Ugo Cei wrote:
> Il giorno 18/mag/05, alle 15:02, Vadim Gritsenko ha scritto:
>
>> Or if you click back button, etc. There are multiple scenarios.
>
>
> Just curious: how can this be a problem? If you go back, the page is not
> regenerated, so the same random value is present in the session. And if
> you reload the page, a new random value is computed and a new image is
> generated, so there should be no problem, or am I missing something?
One form on one page, another form on another page, navigating back to the older
form does not change the value in session... Unique ID will fix it. Only one
problem though :-) How the session will be cleaned up?
>>> Anyway, it's probably safer to use a generated, random id.
>>
>>
>> This will be safer, please do it :-)
>
>
> I will do :-)
Thanks :-)
Vadim
Re: svn commit: r170589 - in /cocoon/branches/BRANCH_2_1_X/src/blocks/forms: conf/ java/org/apache/cocoon/forms/formmodel/ java/org/apache/cocoon/forms/validation/impl/
Posted by Ugo Cei <ug...@apache.org>.
Il giorno 18/mag/05, alle 15:02, Vadim Gritsenko ha scritto:
> Or if you click back button, etc. There are multiple scenarios.
Just curious: how can this be a problem? If you go back, the page is
not regenerated, so the same random value is present in the session.
And if you reload the page, a new random value is computed and a new
image is generated, so there should be no problem, or am I missing
something?
>
>> Anyway, it's probably safer to use a generated, random id.
>
> This will be safer, please do it :-)
I will do :-)
Ugo
--
Ugo Cei
Tech Blog: http://agylen.com/
Source.zone: http://sourcezone.info/
Wine & Food Blog: http://www.divinocibo.it/
Re: svn commit: r170589 - in /cocoon/branches/BRANCH_2_1_X/src/blocks/forms:
conf/ java/org/apache/cocoon/forms/formmodel/ java/org/apache/cocoon/forms/validation/impl/
Posted by Vadim Gritsenko <va...@reverycodes.com>.
Ugo Cei wrote:
> Il giorno 18/mag/05, alle 02:56, Vadim Gritsenko ha scritto:
>
>>> + Session session =
>>> ObjectModelHelper.getRequest(objectModel).getSession(true);
>>> + session.setAttribute(SESSION_ATTR_PREFIX + getId(),
>>> generateSecret());
>>
>>
>> Such session attribute name is not unique (two forms with similar
>> widget id). Why not use widget.set/getAttribute?
>
>
> That would be a problem only if you had two forms on the same page
> having two different widdgets with the same id. Or the same form open in
> two browser windows at once.
Or if you click back button, etc. There are multiple scenarios.
> Anyway, it's probably safer to use a generated, random id.
This will be safer, please do it :-)
Vadim
> The problem with using a widget attribute is that the attribute value
> must be accessible to the component that generates the image, which is
> not aware of the form.
>
> Ugo
Re: svn commit: r170589 - in /cocoon/branches/BRANCH_2_1_X/src/blocks/forms: conf/ java/org/apache/cocoon/forms/formmodel/ java/org/apache/cocoon/forms/validation/impl/
Posted by Ugo Cei <ug...@apache.org>.
Il giorno 18/mag/05, alle 02:56, Vadim Gritsenko ha scritto:
>> + Session session =
>> ObjectModelHelper.getRequest(objectModel).getSession(true);
>> + session.setAttribute(SESSION_ATTR_PREFIX + getId(),
>> generateSecret());
>
> Such session attribute name is not unique (two forms with similar
> widget id). Why not use widget.set/getAttribute?
That would be a problem only if you had two forms on the same page
having two different widdgets with the same id. Or the same form open
in two browser windows at once. Anyway, it's probably safer to use a
generated, random id.
The problem with using a widget attribute is that the attribute value
must be accessible to the component that generates the image, which is
not aware of the form.
Ugo
--
Ugo Cei
Tech Blog: http://agylen.com/
Source.zone: http://sourcezone.info/
Wine & Food Blog: http://www.divinocibo.it/