Dragonfly 0.50 Released!

A web framework in newLISP

Dragonfly 0.50 Released!

Postby itistoday » Thu Nov 12, 2009 12:28 am

I figure we should have a new thread for each major version. :-)

Get it here:

http://dragonfly-newlisp.googlecode.com ... p_v050.zip

Documentation at:

http://www.rundragonfly.com

Many thanks to Marc (hilti) for letting me contribute to it!

Now go play with it! :-)
Get your Objective newLISP groove on.
itistoday
 
Posts: 413
Joined: Sun Dec 02, 2007 5:10 pm
Location: I'm sitting right next to you. :)

Re: Dragonfly 0.50 Released!

Postby Kirill » Thu Nov 12, 2009 12:09 pm

Hello and congratulations on the new release! I fetched it from the repo and set up on my server to play a bit first. Looks promising!

I have a couple of questions.

1. How do I pass extra query parameters to a page? Say I want to add "?foo=bar" to the debug page. Going to http://www.rundragonfly.com/dragonfly_debug?foo=bar gives me an error.
2. What happens if there are to parameters with the same name? E.g. "foo=q1&foo=q55". Would the latter "foo" overwrite the first one? It could be easy to verify if I was able to pass these to the debug, ref. my first point.
3. I see that QUERY_STRING is used to find out what page/resouce users wanted to go to ("index.cgi?page"). Normally it's better to say "index.cgi/page", in such case the value "/page" will be put in PATH_INFO variable. Any additiional query paramaters can be easily added: "index.cgi/page?param=1&param=2&param=3". Here's an example:

http://www.rundragonfly.com/index.cgi/foo/bar/baz?dragonfly_debug?foo=bar&bar=baz

Note how "/foo/bar/baz" is put in PATH_INFO. And also note how query parameters are being split.

Regards,
Kirill
Kirill
 
Posts: 75
Joined: Wed Oct 31, 2007 1:21 pm

Re: Dragonfly 0.50 Released!

Postby Kirill » Thu Nov 12, 2009 12:34 pm

Actually I found the answer to my second question. Dragonfly does not support multiple parameters with the same name. Look:

http://www.rundragonfly.com/index.cgi?dragonfly_debug?foo=bar&bar=foo&bar=baz&bar=zoo

Code: Select all
$GET
(("bar" "zoo") ("dragonfly_debug?foo" "bar"))


Here only the last value "zoo" is kept.

Jeff's Web.lsp handles this case correctly:

Code: Select all
(("bar" "foo") ("bar" "baz") ("bar" "zoo"))


Kirill
Kirill
 
Posts: 75
Joined: Wed Oct 31, 2007 1:21 pm

Re: Dragonfly 0.50 Released!

Postby hilti » Thu Nov 12, 2009 3:31 pm

Hi Kirill

there's a long explanation about nested resources in our user guide.
http://www.rundragonfly.com/dragonfly_routes

The topic is "What about nested resources?" and our conclusions are

1. Nested resources are often unnecessary
2. Can lead to poor design and confusion

BUT at the end on this page we wrote:

Because of these considerations, as well as the complexities of supporting nested resources in a generic fashion, Dragonfly does not encourage this sort of design pattern by supporting it out-of-the-box. However, if you need such behavior, you've got everything you need to

And we'll show a way to create Your needed queries.

Look over here: http://www.rundragonfly.com/dragonfly_create_routes

And we think that our way will help againt Http parameter pollution shown in this slideshow.
http://www.slideshare.net/Wisec/http-parameter-pollution-a-new-category-of-web-attacks

What Do You think?

Cheers
Hilti
--()o Dragonfly web framework for newLISP
http://dragonfly.uberberg.com
hilti
 
Posts: 138
Joined: Sun Apr 19, 2009 10:09 pm
Location: Hannover, Germany

Re: Dragonfly 0.50 Released!

Postby itistoday » Thu Nov 12, 2009 4:24 pm

Kirill wrote:Hello and congratulations on the new release! I fetched it from the repo and set up on my server to play a bit first. Looks promising!

I have a couple of questions.

1. How do I pass extra query parameters to a page? Say I want to add "?foo=bar" to the debug page. Going to http://www.rundragonfly.com/dragonfly_debug?foo=bar gives me an error.
2. What happens if there are to parameters with the same name? E.g. "foo=q1&foo=q55". Would the latter "foo" overwrite the first one? It could be easy to verify if I was able to pass these to the debug, ref. my first point.
3. I see that QUERY_STRING is used to find out what page/resouce users wanted to go to ("index.cgi?page"). Normally it's better to say "index.cgi/page", in such case the value "/page" will be put in PATH_INFO variable. Any additiional query paramaters can be easily added: "index.cgi/page?param=1&param=2&param=3". Here's an example:

http://www.rundragonfly.com/index.cgi/foo/bar/baz?dragonfly_debug?foo=bar&bar=baz

Note how "/foo/bar/baz" is put in PATH_INFO. And also note how query parameters are being split.

Regards,
Kirill


Thanks Kirill! Those are valid observations, this is something I need to fix with Route.Static and the .htaccess file, I'll get on that and let you know when it's fixed!

Also, thanks for the info regarding PATH_INFO! That might be difficult to support though as currently I don't think newLISP sets that environment variable, and of course even if it did, it doesn't support the .htaccess redirection. I might therefore be forced to do this solely through QUERY_STRING. If you see a way around this though let me know!
Last edited by itistoday on Thu Nov 12, 2009 4:45 pm, edited 3 times in total.
Get your Objective newLISP groove on.
itistoday
 
Posts: 413
Joined: Sun Dec 02, 2007 5:10 pm
Location: I'm sitting right next to you. :)

Re: Dragonfly 0.50 Released!

Postby itistoday » Thu Nov 12, 2009 4:32 pm

Kirill wrote:Actually I found the answer to my second question. Dragonfly does not support multiple parameters with the same name. Look:


That's odd, I didn't know multiple parameters with the same name were something that needs to be supported. Does PHP even handle this?

[..tests...]

No it seems PHP doesn't handle this either, $_GET['bar'] returns the last value set. Can you give me more info on why you think this should be supported, is this part of an RFC somewhere?

[...searches some more...]

A quick Google search shows how PHP supposedly handles this:

http://stackoverflow.com/questions/353379/how-to-get-multiple-parameters-with-same-name-from-a-url-in-php

They seem to require parsing QUERY_STRING manually. Of course you could do this with Dragonfly as well, and perhaps you should. Is there a good reason for Dragonfly to support same-named parameters within $GET? I'm not convinced it's needed or even prudent that we add this..
Get your Objective newLISP groove on.
itistoday
 
Posts: 413
Joined: Sun Dec 02, 2007 5:10 pm
Location: I'm sitting right next to you. :)

Re: Dragonfly 0.50 Released!

Postby Kirill » Thu Nov 12, 2009 4:55 pm

Thanks for your comments!

there's a long explanation about nested resources in our user guide.
http://www.rundragonfly.com/dragonfly_routes


I was not going to use any nested resources - I just wanted to add query parameters to pages, so that they could e.g. display another language or what not.

That's odd, I didn't know multiple parameters with the same name were something that needs to be supported. Does PHP even handle this?


I don't know about PHP, but Perl's CGI.pm has done that for ages. In Mason it's also part of the standard. And I've been using it a lot too. E.g. on a list with mail messages, users checks those she wantes moved or deleted and hits Move or Delete. All those checked boxes will have the same name, but different values attached.

Multi-select checkboxes work that very same way. Look for example at this:

http://www.siteexperts.com/tips/html/ts16/page1.asp

So multiple values for the same field is not too much to demand from web framework.

They seem to require parsing QUERY_STRING manually. Of course you could do this with Dragonfly as well, and perhaps you should. Is there a good reason for Dragonfly to support same-named parameters within $GET? I'm not convinced it's needed or even prudent that we add this..


Not only GET. POST too. I used GET as an example only.

-- Kirill
Kirill
 
Posts: 75
Joined: Wed Oct 31, 2007 1:21 pm

Re: Dragonfly 0.50 Released!

Postby Kirill » Thu Nov 12, 2009 5:08 pm

Regarding PHP, here's how they deal with it:

Each option will overwrite the contents of the previous $var variable. The solution is to use PHP's "array from form element" feature. The following should be used:


Code: Select all
<select name="var[]" multiple="yes">


This was from the FAQ
Kirill
 
Posts: 75
Joined: Wed Oct 31, 2007 1:21 pm

Re: Dragonfly 0.50 Released!

Postby itistoday » Thu Nov 12, 2009 5:59 pm

Kirill wrote:Regarding PHP, here's how they deal with it:

Each option will overwrite the contents of the previous $var variable. The solution is to use PHP's "array from form element" feature. The following should be used:


Code: Select all
<select name="var[]" multiple="yes">


This was from the FAQ


Thanks again Kirill, the example shows a legitimate use for that, so I'll go ahead and add this functionality (and I'll probably add a chapter on it to the User Guide).

Did you see my edit regarding PATH_INFO btw?
Get your Objective newLISP groove on.
itistoday
 
Posts: 413
Joined: Sun Dec 02, 2007 5:10 pm
Location: I'm sitting right next to you. :)

Re: Dragonfly 0.50 Released!

Postby Kirill » Thu Nov 12, 2009 8:59 pm

itistoday wrote:Thanks again Kirill, the example shows a legitimate use for that, so I'll go ahead and add this functionality (and I'll probably add a chapter on it to the User Guide).

Did you see my edit regarding PATH_INFO btw?


PATH_INFO is a standard variable defined in the CGI spec. All servers saying to support CGI should have support for that.

Regarding newLISP server - you don't really need to prepend requests with a ? there either - you can use (command-event) to do some rewriting, so that you'd get pretty looking URLs with newLISP web server too.

Kirill
Kirill
 
Posts: 75
Joined: Wed Oct 31, 2007 1:21 pm

Re: Dragonfly 0.50 Released!

Postby itistoday » Fri Nov 13, 2009 12:08 am

Kirill wrote:PATH_INFO is a standard variable defined in the CGI spec. All servers saying to support CGI should have support for that.


Looks like this is something Lutz might want to look into.

Currently the .htaccess script will properly translate a GET request like this:

GET /asdf?blah=foo

Into:

GET /index.cgi?asdf&blah=foo

But that would be broken in the built-in newlispServer. This is something I might be able to fix with the command-event you mentioned, but having the PATH_INFO would make it much cleaner.

Regarding newLISP server - you don't really need to prepend requests with a ? there either - you can use (command-event) to do some rewriting, so that you'd get pretty looking URLs with newLISP web server too.


Thanks for the 'command-event' tip! I have this working already on my end and will up push the changes to the mercurial repository once I fix the GET issue mentioned above as well. Note that it's also therefore recommended to run the built-in server using the provided newlispServer script:

Code: Select all
$ cd path/to/example-site
$ ./newlispServer


On Windows you'll have to use the entire thing:

Code: Select all
newlisp "dragonfly-framework/newlisp-redirection.lsp" -c -http -d 8080 -w .


if someone could tell me what the equivalent Windows script to 'newlispServer' would be I'll add it!

Code: Select all
#!/bin/bash

NEWLISP_REDIRECTION="./dragonfly-framework/newlisp-redirection.lsp"

if [ ! -f $NEWLISP_REDIRECTION ] ; then
   echo "ERROR: cannot find file: $NEWLISP_REDIRECTION"
   exit 1
fi

echo "If all goes well visit http://localhost:8080 in your browser"
newlisp "$NEWLISP_REDIRECTION" -c -http -d 8080 -w .
Get your Objective newLISP groove on.
itistoday
 
Posts: 413
Joined: Sun Dec 02, 2007 5:10 pm
Location: I'm sitting right next to you. :)

Re: Dragonfly 0.50 Released!

Postby itistoday » Fri Nov 13, 2009 12:42 am

Done!

All of the issues with GET should be gone (except for the multi-param stuff, that's coming next). All of the URLs now no longer use the ? when running the built-in server.

Full change-set: http://code.google.com/p/dragonfly-newlisp/source/detail?r=0924bfc1f0ab37d37596dafcb0b66b201273ddbc

If you want this functionality you can get it now by grabbing it from mercurial. Otherwise these changes will be in 0.51, along with the multi-param stuff.
Get your Objective newLISP groove on.
itistoday
 
Posts: 413
Joined: Sun Dec 02, 2007 5:10 pm
Location: I'm sitting right next to you. :)

Re: Dragonfly 0.50 Released!

Postby Kirill » Fri Nov 13, 2009 12:49 am

I can wait. :) Those comments where just something I noticed when giving DF a first try. Thanks for fixing it right away.

Also note that not all systems have /bin/bash (none of mine have in fact). /bin/sh is a safe choice.

-- Kirill
Kirill
 
Posts: 75
Joined: Wed Oct 31, 2007 1:21 pm

Re: Dragonfly 0.50 Released!

Postby Lutz » Fri Nov 13, 2009 1:03 am

Although PATH_INFO is in the CGI standard it is not supported (or configured?) by even the Apache web-server (see: http://www.newlisp.org/environment.cgi on nfshost.net).

I am glad both of you discovered httpd-conf.lsp. Here are a couple of more links for anybody who wants to know more about this:

http://www.newlisp.org/downloads/newlis ... #http_mode

here:

http://www.newlisp.org/downloads/newlis ... mand-event

and here:

http://www.newlisp.org/downloads/CodePa ... tml#toc-22

Note that a httpd-conf.lsp cannot be debugged using 'println' use something like: (append-file "debug.txt" str) instead.


ps:
Code: Select all
newlisp "$NEWLISP_REDIRECTION" -c -http -d 8080 -w


you only need one of either -c or -http
Lutz
 
Posts: 5232
Joined: Thu Sep 26, 2002 4:45 pm
Location: Pasadena, California

Re: Dragonfly 0.50 Released!

Postby itistoday » Fri Nov 13, 2009 1:03 am

Kirill wrote:I can wait. :) Those comments where just something I noticed when giving DF a first try. Thanks for fixing it right away.

Also note that not all systems have /bin/bash (none of mine have in fact). /bin/sh is a safe choice.


Thanks! I've updated that as well. Keep these suggestions coming! :-)
Get your Objective newLISP groove on.
itistoday
 
Posts: 413
Joined: Sun Dec 02, 2007 5:10 pm
Location: I'm sitting right next to you. :)

Re: Dragonfly 0.50 Released!

Postby Kirill » Fri Nov 13, 2009 1:05 am

Lutz wrote:Although PATH_INFO is in the CGI standard it is not supported (or configured?) by even the Apache web-server (see: http://www.newlisp.org/environment.cgi on nfshost.net).


It is: http://www.newlisp.org/environment.cgi/hello-lutz

Note PATH_INFO and PATH_TRANSLATED.
Kirill
 
Posts: 75
Joined: Wed Oct 31, 2007 1:21 pm

Re: Dragonfly 0.50 Released!

Postby Lutz » Fri Nov 13, 2009 1:24 am

Oh, I see, so the env variable only shows up if not empty, could be easily extracted/set then using a htpp-conf.lsp.
Lutz
 
Posts: 5232
Joined: Thu Sep 26, 2002 4:45 pm
Location: Pasadena, California

Re: Dragonfly 0.50 Released!

Postby m35 » Fri Nov 13, 2009 8:27 pm

itistoday wrote:
Code: Select all
#!/bin/bash

NEWLISP_REDIRECTION="./dragonfly-framework/newlisp-redirection.lsp"

if [ ! -f $NEWLISP_REDIRECTION ] ; then
   echo "ERROR: cannot find file: $NEWLISP_REDIRECTION"
   exit 1
fi

echo "If all goes well visit http://localhost:8080 in your browser"
newlisp "$NEWLISP_REDIRECTION" -c -http -d 8080 -w .


Hopefully this works. It should on XP and above. Not sure about 95 and 98.
Code: Select all
@ECHO OFF
SET NEWLISP_REDIRECTION=.\dragonfly-framework\newlisp-redirection.lsp

IF NOT EXIST "%NEWLISP_REDIRECTION%" GOTO NOFILE

ECHO If all goes well visit http://localhost:8080 in your browser
newlisp "%NEWLISP_REDIRECTION%" -c -http -d 8080 -w . %*

GOTO END

:NOFILE
ECHO ERROR: cannot find file: %NEWLISP_REDIRECTION%

:END
m35
 
Posts: 171
Joined: Wed Feb 14, 2007 12:54 pm
Location: Carifornia

Re: Dragonfly 0.50 Released!

Postby hilti » Fri Nov 13, 2009 8:37 pm

Dragonfly 0.51 is released!

All the updates are available now in a ZIP archive on Google Code.

Cheers!
Hilti
--()o Dragonfly web framework for newLISP
http://dragonfly.uberberg.com
hilti
 
Posts: 138
Joined: Sun Apr 19, 2009 10:09 pm
Location: Hannover, Germany

Re: Dragonfly 0.50 Released!

Postby itistoday » Sat Nov 14, 2009 11:06 pm

m35 wrote:Hopefully this works. It should on XP and above. Not sure about 95 and 98.
Code: Select all
@ECHO OFF
SET NEWLISP_REDIRECTION=.\dragonfly-framework\newlisp-redirection.lsp

IF NOT EXIST "%NEWLISP_REDIRECTION%" GOTO NOFILE

ECHO If all goes well visit http://localhost:8080 in your browser
newlisp "%NEWLISP_REDIRECTION%" -c -http -d 8080 -w . %*

GOTO END

:NOFILE
ECHO ERROR: cannot find file: %NEWLISP_REDIRECTION%

:END


Awesome!

Thanks a bunch m35, I finally had a chance to test this today and it worked without a hitch. This too will be in 0.51 (which was pulled due to a premature release).
Get your Objective newLISP groove on.
itistoday
 
Posts: 413
Joined: Sun Dec 02, 2007 5:10 pm
Location: I'm sitting right next to you. :)


Return to Dragonfly

Who is online

Users browsing this forum: No registered users and 1 guest

cron