You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tcl.apache.org by mx...@apache.org on 2018/11/19 21:20:48 UTC
[tcl-rivet] 02/02: proposed changes to fix bug 62926
This is an automated email from the ASF dual-hosted git repository.
mxmanghi pushed a commit to branch 3.0
in repository https://gitbox.apache.org/repos/asf/tcl-rivet.git
commit 4f986a1ac5c9d115afd7aa58d1c82700e31e2098
Author: Massimo Manghi <mx...@apache.org>
AuthorDate: Mon Nov 19 22:20:32 2018 +0100
proposed changes to fix bug 62926
---
ChangeLog | 9 +++++++++
VERSION | 2 +-
configure.ac | 2 +-
src/mod_rivet_ng/rivetCore.c | 23 ++++++++++++++++++++++-
tests/fqrivet_var.tcl | 40 ++++++++++++++++++++++++++++++++++++++++
tests/post.test | 23 +++++++++++++++++++++++
6 files changed, 96 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e8eb481..037ee0e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
2018-11-18 Massimo Manghi <mx...@apache.org>
+ * configure.ac,VERSION: bumping to version 3.0.4
+ * src/mod_rivet_ng/rivetCore.c: stripping the namespace in the commands
+ implemented by Rivet_Var (fixes bug #62926)
+ * tests/post.test: add test to prevent the POST and GET arguments
+ crosstalk
+ * tests/fqrivet_var.tcl: test fully qualified ::rivet::var[xxx] commands
+
+2018-11-18 Massimo Manghi <mx...@apache.org>
* : version 3.0.3 released
+ * doc/rivet.xml.in: print manual the full version in the cover page
2018-11-04 Massimo Manghi <mx...@apache.org>
* rivet/rivet-tcl/xml.tcl: New ::rivet::xml command simplified and
diff --git a/VERSION b/VERSION
index 75a22a2..b0f2dcb 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.0.3
+3.0.4
diff --git a/configure.ac b/configure.ac
index 8eba832..c6b76fa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -22,7 +22,7 @@ dnl
# so you can encode the package version directly into the source files.
#-----------------------------------------------------------------------
-AC_INIT([Rivet],[3.0.3])
+AC_INIT([Rivet],[3.0.4])
TEA_INIT([3.9])
# we are storing here the configure command line, as recursive
diff --git a/src/mod_rivet_ng/rivetCore.c b/src/mod_rivet_ng/rivetCore.c
index 7650cbe..fde7281 100644
--- a/src/mod_rivet_ng/rivetCore.c
+++ b/src/mod_rivet_ng/rivetCore.c
@@ -638,10 +638,11 @@ TCL_CMD_HEADER ( Rivet_LoadHeaders )
TCL_CMD_HEADER ( Rivet_Var )
{
rivet_thread_private* private;
- char* cmd;
+ char* cmd;
char* command;
Tcl_Obj* result = NULL;
int source;
+ register const char *p;
THREAD_PRIVATE_DATA(private)
CHECK_REQUEST_REC(private,"::rivet::var,::rivet::var_post,::rivet::var_qs")
@@ -657,6 +658,26 @@ TCL_CMD_HEADER ( Rivet_Var )
result = Tcl_NewObj();
/* determine if var_qs, var_post or var was called */
+
+ /* first of all we have to skip the namespace string at the beginning of the command:
+ *
+ * This fragment of code is taken from tcl 8.6.6 (tclNamesp.c) and it's part of the
+ * function implementing Tcl "namespace tail", as such it should be authoritative
+ * regarding the determination of the namespace stripped command name
+ */
+
+ for (p = cmd; *p != '\0'; p++) {
+ /* empty body */
+ }
+
+ while (--p > cmd) {
+ if ((*p == ':') && (*(p-1) == ':')) {
+ p++; /* Just after the last "::" */
+ break;
+ }
+ }
+ cmd = p;
+
if (!strcmp(cmd, "var_qs")) source = VAR_SRC_QUERYSTRING;
else if (!strcmp(cmd, "var_post")) source = VAR_SRC_POST;
else source = VAR_SRC_ALL;
diff --git a/tests/fqrivet_var.tcl b/tests/fqrivet_var.tcl
new file mode 100644
index 0000000..8a5eedf
--- /dev/null
+++ b/tests/fqrivet_var.tcl
@@ -0,0 +1,40 @@
+switch [::rivet::var_qs get t1] {
+
+ 1 {
+ set qsvariables [dict create {*}[::rivet::var_qs all]]
+ set postvariables [dict create {*}[::rivet::var_post all]]
+
+ set qsvar {qsarg1 qsarg2}
+ set postvar {postarg1 postarg2}
+
+ set qs ""
+ set post ""
+ foreach v $qsvar {lappend qs $v [dict get $qsvariables $v]}
+ foreach v $postvar {lappend post $v [dict get $postvariables $v]}
+ puts -nonewline "var_qs = $qs\nvar_post = $post"
+ }
+ 2 {
+ #::rivet::parray server
+ # GET request: no var_post variables are supposed to be returned
+
+ set qsvariables [dict create {*}[::rivet::var_qs all]]
+ set postvariables [dict create {*}[::rivet::var_post all]]
+
+ if {[dict exists $postvariables qsarg1] || [dict exists $postvariables qsarg2]} {
+ puts "KO: [::rivet::var_post all]"
+ } else {
+ puts -nonewline "OK"
+ }
+
+ }
+ 3 {
+ set qsvariables [dict create {*}[::rivet::var_qs all]]
+ set postvariables [dict create {*}[::rivet::var_post all]]
+
+ if {[dict exists $qsvariables postarg1] || [dict exists $qsvariables postarg2]} {
+ puts "KO: $qsvariables"
+ } else {
+ puts -nonewline "OK"
+ }
+ }
+}
diff --git a/tests/post.test b/tests/post.test
index 77e9bf8..8fed8dc 100644
--- a/tests/post.test
+++ b/tests/post.test
@@ -37,3 +37,26 @@ set testfilename1 post.rvt
regexp -line {^\[::rivet::var_post get foobar\] = goober$} [ ::http::data $page ] match
set match
} {[::rivet::var_post get foobar] = goober}
+
+set rivetscript "${urlbase}fqrivet_var.tcl"
+
+::tcltest::test postvariables-5.1 {::rivet::var_qs and ::rivet::var_post} {
+ set page [::http::geturl "${rivetscript}?qsarg1=val1&qsarg2=val2&t1=1" \
+ -query [::http::formatQuery postarg1 val1 postarg2 val2]]
+ set match [::http::data $page]
+ set match
+} {var_qs = qsarg1 val1 qsarg2 val2
+var_post = postarg1 val1 postarg2 val2}
+
+::tcltest::test postvariables-5.2 {::rivet::var_post and ::rivet::var_qs crosstalk 1} {
+ set page [::http::geturl "${rivetscript}?qsarg1=val1&qsarg2=val2&t1=2"]
+ set match [::http::data $page]
+ set match
+} {OK}
+
+::tcltest::test postvariables-5.3 {::rivet::var_post and ::rivet::var_qs crosstalk 2} {
+ set page [::http::geturl "${rivetscript}?t1=3" \
+ -query [::http::formatQuery postarg1 val1 postarg2 val2]]
+ set match [::http::data $page]
+ set match
+} {OK}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@tcl.apache.org
For additional commands, e-mail: commits-help@tcl.apache.org