Posted to rivet-dev@tcl.apache.org by mx...@apache.org on 2012/05/12 17:20:23 UTC

svn commit: r1337564 - in /tcl/rivet/trunk: rivet/packages/dio/dio.tcl rivet/packages/dio/dio_Mysql.tcl rivet/packages/session/session-class.tcl rivet/rivet-tcl/cookie.tcl src/rivetParser.c tests/rivet.test tests/shorthand.rvt tests/shorthand.test

Author: mxmanghi
Date: Sat May 12 15:20:22 2012
New Revision: 1337564

URL: http://svn.apache.org/viewvc?rev=1337564&view=rev
Log:
    * src/rivetParser.c: add shorthand expression <?= ... ?> for <? puts -nonewline "..." ?> (contributed 
    by Jeff Lawson, addresses #53217, tclrivetparser still to be fixed)
    * tests/shorthand.[test|rvt]: add test of shorthand notation for string output 
    * rivet/rivet-tcl/cookie.tcl: add support for HttpOnly flag (contributed by Cyril Shtumf, fixes bug #53224)
    * rivet/packages/session/session-class.tcl: support for HttpOnly flag improves security and reduces
    the risk of cross-site scripting attacks (contributed by Cyril Shtumf, fixes #52224)
    * rivet/packages/dio/dio.tcl: wrong SQL syntax generated in delete method when multiple fields are
    used in the selection clause (contributed by Cyril Shtumf, fixes bug #53222)
    * rivet/packages/dio/dio_Mysql.tcl: the Mysql connection must be checked when a connection reference is reused
    because it could have been dropped (contributed by Cyril Shtumf, fixes #53221)


Added:
    tcl/rivet/trunk/tests/shorthand.rvt
    tcl/rivet/trunk/tests/shorthand.test
Modified:
    tcl/rivet/trunk/rivet/packages/dio/dio.tcl
    tcl/rivet/trunk/rivet/packages/dio/dio_Mysql.tcl
    tcl/rivet/trunk/rivet/packages/session/session-class.tcl
    tcl/rivet/trunk/rivet/rivet-tcl/cookie.tcl
    tcl/rivet/trunk/src/rivetParser.c
    tcl/rivet/trunk/tests/rivet.test

Modified: tcl/rivet/trunk/rivet/packages/dio/dio.tcl
URL: http://svn.apache.org/viewvc/tcl/rivet/trunk/rivet/packages/dio/dio.tcl?rev=1337564&r1=1337563&r2=1337564&view=diff
==============================================================================
--- tcl/rivet/trunk/rivet/packages/dio/dio.tcl (original)
+++ tcl/rivet/trunk/rivet/packages/dio/dio.tcl Sat May 12 15:20:22 2012
@@ -235,13 +235,13 @@ proc handle {interface args} {
 	## If we're not using multiple keyfields, just return a simple
 	## where clause.
 	if {[llength $myKeyfield] < 2} {
-	    return " WHERE $myKeyfield = [makeDBFieldValue $table $myKeyfield $myKey]"
+	    return " WHERE `${myKeyfield}` = [makeDBFieldValue $table $myKeyfield $myKey]"
 	}
 
 	# multiple fields, construct it as a where-and
 	set req " WHERE 1 = 1"
 	foreach field $myKeyfield key $myKey {
-	    append req " AND $field=[makeDBFieldValue $table $field $key]"
+	    append req " AND `${field}` = [makeDBFieldValue $table $field $key]"
 	}
 	return $req
     }
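Review bot: The backtick quoting added to the `WHERE` clause interpolates `$myKeyfield` and `$field` without doubling a backtick that occurs inside the name, so such a name still ends the quoted identifier early; this matters if key field names can ever be derived from request data. Doubling the character before wrapping would close that, for example `[string map [list \x60 \x60\x60] $field]`. Backticks are also MySQL identifier syntax, and this file looks like the backend-neutral DIO layer (the MySQL driver is a separate file in this commit), so other backends may reject the generated SQL. Both remarks apply equally to the `delete from` change in the later hunk of this file. The enclosing method starts outside the hunk.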
@@ -547,7 +547,7 @@ proc handle {interface args} {
     #
     method delete {key args} {
 	table_check $args
-	set req "delete from $myTable"
+	set req "delete from `${myTable}`"
 	append req [build_key_where_clause $myKeyfield $key]
 
 	set res [exec $req]

Modified: tcl/rivet/trunk/rivet/packages/dio/dio_Mysql.tcl
URL: http://svn.apache.org/viewvc/tcl/rivet/trunk/rivet/packages/dio/dio_Mysql.tcl?rev=1337564&r1=1337563&r2=1337564&view=diff
==============================================================================
--- tcl/rivet/trunk/rivet/packages/dio/dio_Mysql.tcl (original)
+++ tcl/rivet/trunk/rivet/packages/dio/dio_Mysql.tcl Sat May 12 15:20:22 2012
@@ -64,7 +64,7 @@ namespace eval DIO {
 	}
 
 	method exec {req} {
-	    if {![info exists conn]} { open }
+	    if {![info exists conn] || ![mysqlping $conn]} { open }
 
 	    set cmd mysqlexec
 #
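Review bot: When `mysqlping` reports a dead connection in `exec`, `open` is called while `conn` still holds the old handle, and nothing visible here closes it; if `open` simply overwrites `conn`, every dropped connection leaks a mysqltcl handle. Releasing it first would avoid that, e.g. `if {[info exists conn] && ![mysqlping $conn]} { catch {mysqlclose $conn}; unset conn }` ahead of the existing check. The same pattern is added in `handle` further down. The ping also costs a server round trip on every `exec`, which deserves a short comment. `open` is defined outside the hunk, so its treatment of an existing `conn` could not be checked.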
@@ -89,7 +89,7 @@ namespace eval DIO {
 	}
 
 	method lastkey {} {
-	    if {![info exists conn]} { return }
+	    if {![info exists conn] || ![mysqlping $conn]} { return }
 	    return [mysqlinsertid $conn]
 	}
 
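Review bot: In `lastkey` the added ping cannot make the result more trustworthy, because the insert id is tracked per connection: if the link dropped after the insert the key is already lost, and if `mysqlping` re-establishes the connection (the mysqltcl manual suggests it may attempt this) `mysqlinsertid` would answer for the new session rather than the one that did the insert. Returning an empty value silently also hides the failure from the caller. Consider keeping the original `[info exists conn]` test here, or at least adding `# insert ids are per connection; a reconnect loses the last key`.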
@@ -107,7 +107,7 @@ namespace eval DIO {
 	}
 
 	method handle {} {
-	    if {![info exists conn]} { open }
+	    if {![info exists conn] || ![mysqlping $conn]} { open }
 
 	    return $conn
 	}
@@ -158,7 +158,7 @@ namespace eval DIO {
 	}
 
 	public variable db "" {
-	    if {[info exists conn]} {
+	    if {[info exists conn] && [mysqlping $conn]} {
 		mysqluse $conn $db
 	    }
 	}

Modified: tcl/rivet/trunk/rivet/packages/session/session-class.tcl
URL: http://svn.apache.org/viewvc/tcl/rivet/trunk/rivet/packages/session/session-class.tcl?rev=1337564&r1=1337563&r2=1337564&view=diff
==============================================================================
--- tcl/rivet/trunk/rivet/packages/session/session-class.tcl (original)
+++ tcl/rivet/trunk/rivet/packages/session/session-class.tcl Sat May 12 15:20:22 2012
@@ -87,6 +87,9 @@ package require Itcl
     # specifies whether cookies should only be sent over secure connections
     public variable cookieSecure 0
 
+    # specifies whether cookies should only be sent over http connections
+    public variable cookieHttpOnly 0
+
     # the name of the table that session info will be stored in
     public variable sessionTable "rivet_session"
 
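Review bot: The comment on `cookieHttpOnly` says the cookie is "only sent over http connections", which is not what the attribute does: HttpOnly keeps the cookie out of reach of client-side scripts and has nothing to do with the transport. Suggested wording: `# specifies whether the session cookie is marked HttpOnly (not readable from client-side scripts)`. Since this cookie carries the session identifier, the default of 0 leaves existing sites without the protection until they opt in; defaulting to 1 may be worth considering if no page script needs to read the cookie.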
@@ -192,7 +195,8 @@ package require Itcl
 	cookie set $cookieName $value \
 	    -path $cookiePath \
 	    -minutes $cookieLifetime \
-	    -secure $cookieSecure
+	    -secure $cookieSecure \
+	    -HttpOnly $cookieHttpOnly
     }
 
     #

Modified: tcl/rivet/trunk/rivet/rivet-tcl/cookie.tcl
URL: http://svn.apache.org/viewvc/tcl/rivet/trunk/rivet/rivet-tcl/cookie.tcl?rev=1337564&r1=1337563&r2=1337564&view=diff
==============================================================================
--- tcl/rivet/trunk/rivet/rivet-tcl/cookie.tcl (original)
+++ tcl/rivet/trunk/rivet/rivet-tcl/cookie.tcl Sat May 12 15:20:22 2012
@@ -59,6 +59,9 @@ namespace eval ::rivet {
         if { [info exists params(secure)] && $params(secure) == 1} {
             append cookieParams "; secure"
         }
+        if { [info exists params(HttpOnly)] && $params(HttpOnly)} {
+            append cookieParams "; HttpOnly"
+        }
 
         return $cookieParams
     }
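Review bot: The new test uses `$params(HttpOnly)` directly as a boolean, so a value that is not a valid Tcl boolean (an empty string, for instance) raises an expression error here, whereas the `secure` test just above compares with `== 1` and fails quietly. Making the two consistent keeps cookie emission from breaking on a misconfigured flag: `if { [info exists params(HttpOnly)] && [string is true -strict $params(HttpOnly)] } {`. The mixed-case option name `-HttpOnly` also differs from the lowercase `-secure`, `-path` and `-minutes` that callers pass, so a caller who writes it in lowercase would presumably get a cookie without the flag and no error. The enclosing proc starts outside the hunk.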

Modified: tcl/rivet/trunk/src/rivetParser.c
URL: http://svn.apache.org/viewvc/tcl/rivet/trunk/src/rivetParser.c?rev=1337564&r1=1337563&r2=1337564&view=diff
==============================================================================
--- tcl/rivet/trunk/src/rivetParser.c (original)
+++ tcl/rivet/trunk/src/rivetParser.c Sat May 12 15:20:22 2012
@@ -168,7 +168,7 @@ Rivet_Parser(Tcl_Obj *outbuf, Tcl_Obj *i
 
     int endseqlen = strlen(END_TAG);
     int startseqlen = strlen(START_TAG);
-    int inside = 0, p = 0;
+    int inside = 0, p = 0, check_echo = 0;
     int inLen = 0;
 
     next = Tcl_GetStringFromObj(inbuf, &inLen);
@@ -190,6 +190,7 @@ Rivet_Parser(Tcl_Obj *outbuf, Tcl_Obj *i
                     /* We have matched the whole ending sequence. */
                     Tcl_AppendToObj(outbuf, "\"\n", 2);
                     inside = 1;
+                    check_echo = 1;
                     p = 0;
                     continue;
                 }
@@ -231,6 +232,15 @@ Rivet_Parser(Tcl_Obj *outbuf, Tcl_Obj *i
         } else {
             /* Inside the delimiting tags. */
 
+            if (check_echo)
+            {
+                check_echo = 0;
+                if (*cur == '=') {
+                    Tcl_AppendToObj(outbuf, "\nputs -nonewline ", -1);
+                    continue;
+                }
+            }
+
             if (*cur == strend[p])
             {
                 if ((++p) == endseqlen)
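Review bot: The `check_echo` branch carries no comment, and what it emits has two consequences a template author needs to know: the text after `<?=` is appended verbatim as the arguments of `puts -nonewline`, so it must be exactly one Tcl word (`<?= $a $b ?>` would make `$a` the channel), and the value is written to the page without any HTML escaping. I would add `/* <?= expr ?> shorthand: emit "puts -nonewline" and let the tag body supply its single argument; output is not HTML-escaped */` above the `if (check_echo)`. Only a `=` immediately following the start tag is recognised, which is presumably intended but should be stated too. Rivet_Parser starts and ends outside this hunk.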

Modified: tcl/rivet/trunk/tests/rivet.test
URL: http://svn.apache.org/viewvc/tcl/rivet/trunk/tests/rivet.test?rev=1337564&r1=1337563&r2=1337564&view=diff
==============================================================================
--- tcl/rivet/trunk/tests/rivet.test (original)
+++ tcl/rivet/trunk/tests/rivet.test Sat May 12 15:20:22 2012
@@ -15,7 +15,7 @@ set urlbase "http://localhost:8081/"
 
 # Use this to start and stop the server:
 
-set TestList {headers.test cookies.test get.test post.test tclfile.test env.test hello.test include.test binary.test parse.test upload.test makeurl.test}
+set TestList {shorthand.test headers.test cookies.test get.test post.test tclfile.test env.test hello.test include.test binary.test parse.test upload.test makeurl.test}
 
 # Test stanzas are created by giving the test a name and a
 # description.  The code is then executed, and the results compared

Added: tcl/rivet/trunk/tests/shorthand.rvt
URL: http://svn.apache.org/viewvc/tcl/rivet/trunk/tests/shorthand.rvt?rev=1337564&view=auto
==============================================================================
--- tcl/rivet/trunk/tests/shorthand.rvt (added)
+++ tcl/rivet/trunk/tests/shorthand.rvt Sat May 12 15:20:22 2012
@@ -0,0 +1,2 @@
+<pre><?= "testing &lt;?= ... ?&gt; shorthand expression" ?></pre>
+<pre><?= "testing &lt;?= ... ?&gt; shorthand expression" ?></pre>

Added: tcl/rivet/trunk/tests/shorthand.test
URL: http://svn.apache.org/viewvc/tcl/rivet/trunk/tests/shorthand.test?rev=1337564&view=auto
==============================================================================
--- tcl/rivet/trunk/tests/shorthand.test (added)
+++ tcl/rivet/trunk/tests/shorthand.test Sat May 12 15:20:22 2012
@@ -0,0 +1,8 @@
+# $Id: $
+
+::tcltest::test shorthand {shorthand expression for simple output} {
+    set page [ ::http::geturl "${urlbase}shorthand.rvt"]
+    set match [::http::data $page]
+    set match
+} {<pre>testing &lt;?= ... ?&gt; shorthand expression</pre>
+}
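Review bot: The expected result holds a single `<pre>…</pre>` line, but `shorthand.rvt` as added in this commit contains two identical lines, so the fetched body would presumably contain two; either the template should have one line or the expected block should list both. The test also exercises only a quoted literal, so a case with a variable (`<?= $var ?>`) would cover the common use of the shorthand. Calling `::http::cleanup $page` after reading the data would release the request token.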


