Page 1 of 1

Dragonfly 0.50 Released!

PostPosted: Thu Nov 12, 2009 12:28 am
by itistoday
I figure we should have a new thread for each major version. :-)

Get it here:

http://dragonfly-newlisp.googlecode.com ... p_v050.zip

Documentation at:

http://www.rundragonfly.com

Many thanks to Marc (hilti) for letting me contribute to it!

Now go play with it! :-)

Re: Dragonfly 0.50 Released!

PostPosted: Thu Nov 12, 2009 12:09 pm
by Kirill
Hello and congratulations on the new release! I fetched it from the repo and set up on my server to play a bit first. Looks promising!

I have a couple of questions.

1. How do I pass extra query parameters to a page? Say I want to add "?foo=bar" to the debug page. Going to http://www.rundragonfly.com/dragonfly_debug?foo=bar gives me an error.
2. What happens if there are to parameters with the same name? E.g. "foo=q1&foo=q55". Would the latter "foo" overwrite the first one? It could be easy to verify if I was able to pass these to the debug, ref. my first point.
3. I see that QUERY_STRING is used to find out what page/resouce users wanted to go to ("index.cgi?page"). Normally it's better to say "index.cgi/page", in such case the value "/page" will be put in PATH_INFO variable. Any additiional query paramaters can be easily added: "index.cgi/page?param=1&param=2&param=3". Here's an example:

http://www.rundragonfly.com/index.cgi/foo/bar/baz?dragonfly_debug?foo=bar&bar=baz

Note how "/foo/bar/baz" is put in PATH_INFO. And also note how query parameters are being split.

Regards,
Kirill

Re: Dragonfly 0.50 Released!

PostPosted: Thu Nov 12, 2009 12:34 pm
by Kirill
Actually I found the answer to my second question. Dragonfly does not support multiple parameters with the same name. Look:

http://www.rundragonfly.com/index.cgi?dragonfly_debug?foo=bar&bar=foo&bar=baz&bar=zoo

Code: Select all
$GET
(("bar" "zoo") ("dragonfly_debug?foo" "bar"))


Here only the last value "zoo" is kept.

Jeff's Web.lsp handles this case correctly:

Code: Select all
(("bar" "foo") ("bar" "baz") ("bar" "zoo"))


Kirill

Re: Dragonfly 0.50 Released!

PostPosted: Thu Nov 12, 2009 3:31 pm
by hilti
Hi Kirill

there's a long explanation about nested resources in our user guide.
http://www.rundragonfly.com/dragonfly_routes

The topic is "What about nested resources?" and our conclusions are

1. Nested resources are often unnecessary
2. Can lead to poor design and confusion

BUT at the end on this page we wrote:

Because of these considerations, as well as the complexities of supporting nested resources in a generic fashion, Dragonfly does not encourage this sort of design pattern by supporting it out-of-the-box. However, if you need such behavior, you've got everything you need to

And we'll show a way to create Your needed queries.

Look over here: http://www.rundragonfly.com/dragonfly_create_routes

And we think that our way will help againt Http parameter pollution shown in this slideshow.
http://www.slideshare.net/Wisec/http-parameter-pollution-a-new-category-of-web-attacks

What Do You think?

Cheers
Hilti

Re: Dragonfly 0.50 Released!

PostPosted: Thu Nov 12, 2009 4:24 pm
by itistoday
Kirill wrote:Hello and congratulations on the new release! I fetched it from the repo and set up on my server to play a bit first. Looks promising!

I have a couple of questions.

1. How do I pass extra query parameters to a page? Say I want to add "?foo=bar" to the debug page. Going to http://www.rundragonfly.com/dragonfly_debug?foo=bar gives me an error.
2. What happens if there are to parameters with the same name? E.g. "foo=q1&foo=q55". Would the latter "foo" overwrite the first one? It could be easy to verify if I was able to pass these to the debug, ref. my first point.
3. I see that QUERY_STRING is used to find out what page/resouce users wanted to go to ("index.cgi?page"). Normally it's better to say "index.cgi/page", in such case the value "/page" will be put in PATH_INFO variable. Any additiional query paramaters can be easily added: "index.cgi/page?param=1&param=2&param=3". Here's an example:

http://www.rundragonfly.com/index.cgi/foo/bar/baz?dragonfly_debug?foo=bar&bar=baz

Note how "/foo/bar/baz" is put in PATH_INFO. And also note how query parameters are being split.

Regards,
Kirill


Thanks Kirill! Those are valid observations, this is something I need to fix with Route.Static and the .htaccess file, I'll get on that and let you know when it's fixed!

Also, thanks for the info regarding PATH_INFO! That might be difficult to support though as currently I don't think newLISP sets that environment variable, and of course even if it did, it doesn't support the .htaccess redirection. I might therefore be forced to do this solely through QUERY_STRING. If you see a way around this though let me know!

Re: Dragonfly 0.50 Released!

PostPosted: Thu Nov 12, 2009 4:32 pm
by itistoday
Kirill wrote:Actually I found the answer to my second question. Dragonfly does not support multiple parameters with the same name. Look:


That's odd, I didn't know multiple parameters with the same name were something that needs to be supported. Does PHP even handle this?

[..tests...]

No it seems PHP doesn't handle this either, $_GET['bar'] returns the last value set. Can you give me more info on why you think this should be supported, is this part of an RFC somewhere?

[...searches some more...]

A quick Google search shows how PHP supposedly handles this:

http://stackoverflow.com/questions/353379/how-to-get-multiple-parameters-with-same-name-from-a-url-in-php

They seem to require parsing QUERY_STRING manually. Of course you could do this with Dragonfly as well, and perhaps you should. Is there a good reason for Dragonfly to support same-named parameters within $GET? I'm not convinced it's needed or even prudent that we add this..

Re: Dragonfly 0.50 Released!

PostPosted: Thu Nov 12, 2009 4:55 pm
by Kirill
Thanks for your comments!

there's a long explanation about nested resources in our user guide.
http://www.rundragonfly.com/dragonfly_routes


I was not going to use any nested resources - I just wanted to add query parameters to pages, so that they could e.g. display another language or what not.

That's odd, I didn't know multiple parameters with the same name were something that needs to be supported. Does PHP even handle this?


I don't know about PHP, but Perl's CGI.pm has done that for ages. In Mason it's also part of the standard. And I've been using it a lot too. E.g. on a list with mail messages, users checks those she wantes moved or deleted and hits Move or Delete. All those checked boxes will have the same name, but different values attached.

Multi-select checkboxes work that very same way. Look for example at this:

http://www.siteexperts.com/tips/html/ts16/page1.asp

So multiple values for the same field is not too much to demand from web framework.

They seem to require parsing QUERY_STRING manually. Of course you could do this with Dragonfly as well, and perhaps you should. Is there a good reason for Dragonfly to support same-named parameters within $GET? I'm not convinced it's needed or even prudent that we add this..


Not only GET. POST too. I used GET as an example only.

-- Kirill

Re: Dragonfly 0.50 Released!

PostPosted: Thu Nov 12, 2009 5:08 pm
by Kirill
Regarding PHP, here's how they deal with it:

Each option will overwrite the contents of the previous $var variable. The solution is to use PHP's "array from form element" feature. The following should be used:


Code: Select all
<select name="var[]" multiple="yes">


This was from the FAQ

Re: Dragonfly 0.50 Released!

PostPosted: Thu Nov 12, 2009 5:59 pm
by itistoday
Kirill wrote:Regarding PHP, here's how they deal with it:

Each option will overwrite the contents of the previous $var variable. The solution is to use PHP's "array from form element" feature. The following should be used:


Code: Select all
<select name="var[]" multiple="yes">


This was from the FAQ


Thanks again Kirill, the example shows a legitimate use for that, so I'll go ahead and add this functionality (and I'll probably add a chapter on it to the User Guide).

Did you see my edit regarding PATH_INFO btw?

Re: Dragonfly 0.50 Released!

PostPosted: Thu Nov 12, 2009 8:59 pm
by Kirill
itistoday wrote:Thanks again Kirill, the example shows a legitimate use for that, so I'll go ahead and add this functionality (and I'll probably add a chapter on it to the User Guide).

Did you see my edit regarding PATH_INFO btw?


PATH_INFO is a standard variable defined in the CGI spec. All servers saying to support CGI should have support for that.

Regarding newLISP server - you don't really need to prepend requests with a ? there either - you can use (command-event) to do some rewriting, so that you'd get pretty looking URLs with newLISP web server too.

Kirill

Re: Dragonfly 0.50 Released!

PostPosted: Fri Nov 13, 2009 12:08 am
by itistoday
Kirill wrote:PATH_INFO is a standard variable defined in the CGI spec. All servers saying to support CGI should have support for that.


Looks like this is something Lutz might want to look into.

Currently the .htaccess script will properly translate a GET request like this:

GET /asdf?blah=foo

Into:

GET /index.cgi?asdf&blah=foo

But that would be broken in the built-in newlispServer. This is something I might be able to fix with the command-event you mentioned, but having the PATH_INFO would make it much cleaner.

Regarding newLISP server - you don't really need to prepend requests with a ? there either - you can use (command-event) to do some rewriting, so that you'd get pretty looking URLs with newLISP web server too.


Thanks for the 'command-event' tip! I have this working already on my end and will up push the changes to the mercurial repository once I fix the GET issue mentioned above as well. Note that it's also therefore recommended to run the built-in server using the provided newlispServer script:

Code: Select all
$ cd path/to/example-site
$ ./newlispServer


On Windows you'll have to use the entire thing:

Code: Select all
newlisp "dragonfly-framework/newlisp-redirection.lsp" -c -http -d 8080 -w .


if someone could tell me what the equivalent Windows script to 'newlispServer' would be I'll add it!

Code: Select all
#!/bin/bash

NEWLISP_REDIRECTION="./dragonfly-framework/newlisp-redirection.lsp"

if [ ! -f $NEWLISP_REDIRECTION ] ; then
   echo "ERROR: cannot find file: $NEWLISP_REDIRECTION"
   exit 1
fi

echo "If all goes well visit http://localhost:8080 in your browser"
newlisp "$NEWLISP_REDIRECTION" -c -http -d 8080 -w .

Re: Dragonfly 0.50 Released!

PostPosted: Fri Nov 13, 2009 12:42 am
by itistoday
Done!

All of the issues with GET should be gone (except for the multi-param stuff, that's coming next). All of the URLs now no longer use the ? when running the built-in server.

Full change-set: http://code.google.com/p/dragonfly-newlisp/source/detail?r=0924bfc1f0ab37d37596dafcb0b66b201273ddbc

If you want this functionality you can get it now by grabbing it from mercurial. Otherwise these changes will be in 0.51, along with the multi-param stuff.

Re: Dragonfly 0.50 Released!

PostPosted: Fri Nov 13, 2009 12:49 am
by Kirill
I can wait. :) Those comments where just something I noticed when giving DF a first try. Thanks for fixing it right away.

Also note that not all systems have /bin/bash (none of mine have in fact). /bin/sh is a safe choice.

-- Kirill

Re: Dragonfly 0.50 Released!

PostPosted: Fri Nov 13, 2009 1:03 am
by Lutz
Although PATH_INFO is in the CGI standard it is not supported (or configured?) by even the Apache web-server (see: http://www.newlisp.org/environment.cgi on nfshost.net).

I am glad both of you discovered httpd-conf.lsp. Here are a couple of more links for anybody who wants to know more about this:

http://www.newlisp.org/downloads/newlis ... #http_mode

here:

http://www.newlisp.org/downloads/newlis ... mand-event

and here:

http://www.newlisp.org/downloads/CodePa ... tml#toc-22

Note that a httpd-conf.lsp cannot be debugged using 'println' use something like: (append-file "debug.txt" str) instead.


ps:
Code: Select all
newlisp "$NEWLISP_REDIRECTION" -c -http -d 8080 -w


you only need one of either -c or -http

Re: Dragonfly 0.50 Released!

PostPosted: Fri Nov 13, 2009 1:03 am
by itistoday
Kirill wrote:I can wait. :) Those comments where just something I noticed when giving DF a first try. Thanks for fixing it right away.

Also note that not all systems have /bin/bash (none of mine have in fact). /bin/sh is a safe choice.


Thanks! I've updated that as well. Keep these suggestions coming! :-)

Re: Dragonfly 0.50 Released!

PostPosted: Fri Nov 13, 2009 1:05 am
by Kirill
Lutz wrote:Although PATH_INFO is in the CGI standard it is not supported (or configured?) by even the Apache web-server (see: http://www.newlisp.org/environment.cgi on nfshost.net).


It is: http://www.newlisp.org/environment.cgi/hello-lutz

Note PATH_INFO and PATH_TRANSLATED.

Re: Dragonfly 0.50 Released!

PostPosted: Fri Nov 13, 2009 1:24 am
by Lutz
Oh, I see, so the env variable only shows up if not empty, could be easily extracted/set then using a htpp-conf.lsp.

Re: Dragonfly 0.50 Released!

PostPosted: Fri Nov 13, 2009 8:27 pm
by m35
itistoday wrote:
Code: Select all
#!/bin/bash

NEWLISP_REDIRECTION="./dragonfly-framework/newlisp-redirection.lsp"

if [ ! -f $NEWLISP_REDIRECTION ] ; then
   echo "ERROR: cannot find file: $NEWLISP_REDIRECTION"
   exit 1
fi

echo "If all goes well visit http://localhost:8080 in your browser"
newlisp "$NEWLISP_REDIRECTION" -c -http -d 8080 -w .


Hopefully this works. It should on XP and above. Not sure about 95 and 98.
Code: Select all
@ECHO OFF
SET NEWLISP_REDIRECTION=.\dragonfly-framework\newlisp-redirection.lsp

IF NOT EXIST "%NEWLISP_REDIRECTION%" GOTO NOFILE

ECHO If all goes well visit http://localhost:8080 in your browser
newlisp "%NEWLISP_REDIRECTION%" -c -http -d 8080 -w . %*

GOTO END

:NOFILE
ECHO ERROR: cannot find file: %NEWLISP_REDIRECTION%

:END

Re: Dragonfly 0.50 Released!

PostPosted: Fri Nov 13, 2009 8:37 pm
by hilti
Dragonfly 0.51 is released!

All the updates are available now in a ZIP archive on Google Code.

Cheers!
Hilti

Re: Dragonfly 0.50 Released!

PostPosted: Sat Nov 14, 2009 11:06 pm
by itistoday
m35 wrote:Hopefully this works. It should on XP and above. Not sure about 95 and 98.
Code: Select all
@ECHO OFF
SET NEWLISP_REDIRECTION=.\dragonfly-framework\newlisp-redirection.lsp

IF NOT EXIST "%NEWLISP_REDIRECTION%" GOTO NOFILE

ECHO If all goes well visit http://localhost:8080 in your browser
newlisp "%NEWLISP_REDIRECTION%" -c -http -d 8080 -w . %*

GOTO END

:NOFILE
ECHO ERROR: cannot find file: %NEWLISP_REDIRECTION%

:END


Awesome!

Thanks a bunch m35, I finally had a chance to test this today and it worked without a hitch. This too will be in 0.51 (which was pulled due to a premature release).