Dragonfly 0.50 Released!

Started by itistoday, November 11, 2009, 04:28:08 PM


itistoday

I figure we should have a new thread for each major version. :-)



Get it here:



http://dragonfly-newlisp.googlecode.com/files/dragonfly-newlisp_v050.zip



Documentation at:



http://www.rundragonfly.com



Many thanks to Marc (hilti) for letting me contribute to it!



Now go play with it! :-)
Get your Objective newLISP groove on.

Kirill

#1
Hello and congratulations on the new release! I fetched it from the repo and set up on my server to play a bit first. Looks promising!



I have a couple of questions.



1. How do I pass extra query parameters to a page? Say I want to add "?foo=bar" to the debug page. Going to http://www.rundragonfly.com/dragonfly_debug?foo=bar gives me an error.

2. What happens if there are two parameters with the same name? E.g. "foo=q1&foo=q55". Would the latter "foo" overwrite the first one? It could be easy to verify if I was able to pass these to the debug, ref. my first point.

3. I see that QUERY_STRING is used to find out what page/resource users wanted to go to ("index.cgi?page"). Normally it's better to say "index.cgi/page", in such case the value "/page" will be put in PATH_INFO variable. Any additional query parameters can be easily added: "index.cgi/page?param=1&param=2&param=3". Here's an example:



http://www.rundragonfly.com/index.cgi/foo/bar/baz?dragonfly_debug?foo=bar&bar=baz



Note how "/foo/bar/baz" is put in PATH_INFO. And also note how query parameters are being split.



Regards,

Kirill

Kirill

#2
Actually I found the answer to my second question. Dragonfly does not support multiple parameters with the same name. Look:



http://www.rundragonfly.com/index.cgi?dragonfly_debug?foo=bar&bar=foo&bar=baz&bar=zoo



$GET
(("bar" "zoo") ("dragonfly_debug?foo" "bar"))


Here only the last value "zoo" is kept.



Jeff's Web.lsp handles this case correctly:



(("bar" "foo") ("bar" "baz") ("bar" "zoo"))


Kirill

hilti

#3
Hi Kirill



there's a long explanation about nested resources in our user guide.

http://www.rundragonfly.com/dragonfly_routes



The topic is "What about nested resources?" and our conclusions are



1. Nested resources are often unnecessary

2. Can lead to poor design and confusion



BUT at the end of this page we wrote:



Because of these considerations, as well as the complexities of supporting nested resources in a generic fashion, Dragonfly does not encourage this sort of design pattern by supporting it out-of-the-box. However, if you need such behavior, you've got everything you need to



And we'll show a way to create Your needed queries.



Look over here: http://www.rundragonfly.com/dragonfly_create_routes



And we think that our way will help against HTTP parameter pollution shown in this slideshow.

http://www.slideshare.net/Wisec/http-parameter-pollution-a-new-category-of-web-attacks



What Do You think?



Cheers

Hilti
--()o Dragonfly web framework for newLISP

http://dragonfly.apptruck.de
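
The duplicate-parameter result reported in reply #2 and the parameter pollution concern raised in reply #3 both come down to how repeated names are collapsed. The following Python sketch is an added illustration, not Dragonfly or Web.lsp code; all function names are hypothetical and the sample query is constructed from the URL in reply #2. It keeps every pair and reports the names for which a first-value reader and a last-value reader would disagree.

```python
from urllib.parse import unquote_plus

# Constructed sample: the part after "index.cgi?" in the URL from reply #2.
SAMPLE_QUERY = "dragonfly_debug?foo=bar&bar=foo&bar=baz&bar=zoo"


def parse_pairs(query):
    """Return ordered (name, value) pairs; repeated names are preserved."""
    pairs = []
    for field in query.split("&"):
        if not field:
            continue  # tolerate "a=1&&b=2" and a trailing "&"
        name, _, value = field.partition("=")  # only the first "=" separates
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def last_wins(pairs):
    """One value per name; later occurrences overwrite earlier ones."""
    return dict(pairs)


def first_wins(pairs):
    """One value per name; the first occurrence is kept."""
    out = {}
    for name, value in pairs:
        out.setdefault(name, value)
    return out


def all_values(pairs):
    """Every value per name, in request order."""
    out = {}
    for name, value in pairs:
        out.setdefault(name, []).append(value)
    return out


def ambiguous_names(pairs):
    """Names whose value depends on which collapsing rule a component uses."""
    first, last = first_wins(pairs), last_wins(pairs)
    return sorted(name for name in first if first[name] != last[name])


if __name__ == "__main__":
    pairs = parse_pairs(SAMPLE_QUERY)
    print(last_wins(pairs))        # same content as the $GET dump in reply #2
    print(all_values(pairs))
    print(ambiguous_names(pairs))  # names a strict handler could reject
```

A handler that rejects or logs any request with a non-empty `ambiguous_names` result, except for fields it explicitly declares as multi-valued, removes the disagreement between components that read the same query differently.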

itistoday

#4
Quote from: "Kirill"

Hello and congratulations on the new release! I fetched it from the repo and set up on my server to play a bit first. Looks promising!



I have a couple of questions.



1. How do I pass extra query parameters to a page? Say I want to add "?foo=bar" to the debug page. Going to http://www.rundragonfly.com/dragonfly_debug?foo=bar gives me an error.

2. What happens if there are two parameters with the same name? E.g. "foo=q1&foo=q55". Would the latter "foo" overwrite the first one? It could be easy to verify if I was able to pass these to the debug, ref. my first point.

3. I see that QUERY_STRING is used to find out what page/resource users wanted to go to ("index.cgi?page"). Normally it's better to say "index.cgi/page", in such case the value "/page" will be put in PATH_INFO variable. Any additional query parameters can be easily added: "index.cgi/page?param=1&param=2&param=3". Here's an example:



http://www.rundragonfly.com/index.cgi/foo/bar/baz?dragonfly_debug?foo=bar&bar=baz



Note how "/foo/bar/baz" is put in PATH_INFO. And also note how query parameters are being split.



Regards,

Kirill


Thanks Kirill! Those are valid observations, this is something I need to fix with Route.Static and the .htaccess file, I'll get on that and let you know when it's fixed!



Also, thanks for the info regarding PATH_INFO! That might be difficult to support though as currently I don't think newLISP sets that environment variable, and of course even if it did, it doesn't support the .htaccess redirection. I might therefore be forced to do this solely through QUERY_STRING. If you see a way around this though let me know!

itistoday

#5
Quote from: "Kirill"

Actually I found the answer to my second question. Dragonfly does not support multiple parameters with the same name. Look:


That's odd, I didn't know multiple parameters with the same name were something that needs to be supported. Does PHP even handle this?



[..tests...]



No it seems PHP doesn't handle this either, $_GET['bar'] returns the last value set. Can you give me more info on why you think this should be supported, is this part of an RFC somewhere?



[...searches some more...]



A quick Google search shows how PHP supposedly handles this:



http://stackoverflow.com/questions/353379/how-to-get-multiple-parameters-with-same-name-from-a-url-in-php



They seem to require parsing QUERY_STRING manually. Of course you could do this with Dragonfly as well, and perhaps you should. Is there a good reason for Dragonfly to support same-named parameters within $GET? I'm not convinced it's needed or even prudent that we add this..

Kirill

#6
Thanks for your comments!


Quote
there's a long explanation about nested resources in our user guide.

http://www.rundragonfly.com/dragonfly_routes


I was not going to use any nested resources - I just wanted to add query parameters to pages, so that they could e.g. display another language or what not.


Quote
That's odd, I didn't know multiple parameters with the same name were something that needs to be supported. Does PHP even handle this?


I don't know about PHP, but Perl's CGI.pm has done that for ages. In Mason (http://www.masonhq.com/) it's also part of the standard (http://www.masonhq.com/docs/manual/Devel.html#accessing_parameters). And I've been using it a lot too. E.g. on a list with mail messages, a user checks those she wants moved or deleted and hits Move or Delete. All those checked boxes will have the same name, but different values attached.



Multi-select checkboxes work that very same way. Look for example at this:



http://www.siteexperts.com/tips/html/ts16/page1.asp



So multiple values for the same field is not too much to demand from a web framework.


Quote
They seem to require parsing QUERY_STRING manually. Of course you could do this with Dragonfly as well, and perhaps you should. Is there a good reason for Dragonfly to support same-named parameters within $GET? I'm not convinced it's needed or even prudent that we add this..


Not only GET. POST too. I used GET as an example only.



-- Kirill

Kirill

#7
Regarding PHP, here's how they deal with it:


Quote
Each option will overwrite the contents of the previous $var variable. The solution is to use PHP's "array from form element" feature. The following should be used:



<select name="var[]" multiple="yes">


This was from the FAQ: http://www.php.net/manual/en/faq.html.php#faq.html.select-multiple

itistoday

#8
Quote from: "Kirill"

Regarding PHP, here's how they deal with it:


Quote
Each option will overwrite the contents of the previous $var variable. The solution is to use PHP's "array from form element" feature. The following should be used:



<select name="var[]" multiple="yes">


This was from the FAQ: http://www.php.net/manual/en/faq.html.php#faq.html.select-multiple


Thanks again Kirill, the example shows a legitimate use for that, so I'll go ahead and add this functionality (and I'll probably add a chapter on it to the User Guide).



Did you see my edit regarding PATH_INFO btw?

Kirill

#9
Quote from: "itistoday"
Thanks again Kirill, the example shows a legitimate use for that, so I'll go ahead and add this functionality (and I'll probably add a chapter on it to the User Guide).



Did you see my edit regarding PATH_INFO btw?


PATH_INFO is a standard variable defined in the CGI spec (http://hoohoo.ncsa.illinois.edu/cgi/interface.html). All servers claiming to support CGI should have support for that.



Regarding newLISP server - you don't really need to prepend requests with a ? there either - you can use (command-event) to do some rewriting, so that you'd get pretty looking URLs with newLISP web server too.



Kirill

itistoday

#10
Quote from: "Kirill"

PATH_INFO is a standard variable defined in the CGI spec (http://hoohoo.ncsa.illinois.edu/cgi/interface.html). All servers claiming to support CGI should have support for that.


Looks like this is something Lutz might want to look into.



Currently the .htaccess script will properly translate a GET request like this:



GET /asdf?blah=foo



Into:



GET /index.cgi?asdf&blah=foo



But that would be broken in the built-in newlispServer.  This is something I might be able to fix with the command-event you mentioned, but having the PATH_INFO would make it much cleaner.


Quote
Regarding newLISP server - you don't really need to prepend requests with a ? there either - you can use (command-event) to do some rewriting, so that you'd get pretty looking URLs with newLISP web server too.


Thanks for the 'command-event' tip! I have this working already on my end and will push the changes up to the mercurial repository once I fix the GET issue mentioned above as well. Note that it's also therefore recommended to run the built-in server using the provided newlispServer script:


$ cd path/to/example-site
$ ./newlispServer


On Windows you'll have to use the entire thing:


newlisp "dragonfly-framework/newlisp-redirection.lsp" -c -http -d 8080 -w .

If someone could tell me what the equivalent Windows script to 'newlispServer' would be, I'll add it!


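#!/bin/bash

# Redirection script loaded by the built-in server (path is relative to the site root)
NEWLISP_REDIRECTION="./dragonfly-framework/newlisp-redirection.lsp"

# Stop early if the script is missing; quoting keeps the test valid for paths with spaces
if [ ! -f "$NEWLISP_REDIRECTION" ] ; then
    echo "ERROR: cannot find file: $NEWLISP_REDIRECTION"
    exit 1
fi

echo "If all goes well visit http://localhost:8080 in your browser"
newlisp "$NEWLISP_REDIRECTION" -c -http -d 8080 -w .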

itistoday

#11
Done!



All of the issues with GET should be gone (except for the multi-param stuff, that's coming next). All of the URLs now no longer use the ? when running the built-in server.



Full change-set: http://code.google.com/p/dragonfly-newlisp/source/detail?r=0924bfc1f0ab37d37596dafcb0b66b201273ddbc



If you want this functionality you can get it now by grabbing it from mercurial. Otherwise these changes will be in 0.51, along with the multi-param stuff.

Kirill

#12
I can wait. :) Those comments were just something I noticed when giving DF a first try. Thanks for fixing it right away.



Also note that not all systems have /bin/bash (none of mine have in fact). /bin/sh is a safe choice.



-- Kirill

Lutz

#13
Although PATH_INFO is in the CGI standard it is not supported (or configured?) by even the Apache web-server (see: http://www.newlisp.org/environment.cgi on nfshost.net).



I am glad both of you discovered httpd-conf.lsp. Here are a couple of more links for anybody who wants to know more about this:



http://www.newlisp.org/downloads/newlisp_manual.html#http_mode



here:



http://www.newlisp.org/downloads/newlisp_manual.html#command-event



and here:



http://www.newlisp.org/downloads/CodePatterns.html#toc-22



Note that a httpd-conf.lsp cannot be debugged using 'println'; use something like: (append-file "debug.txt" str) instead.





ps:
newlisp "$NEWLISP_REDIRECTION" -c -http -d 8080 -w

you only need one of either -c or -http

itistoday

#14
Quote from: "Kirill"

I can wait. :) Those comments were just something I noticed when giving DF a first try. Thanks for fixing it right away.



Also note that not all systems have /bin/bash (none of mine have in fact). /bin/sh is a safe choice.


Thanks! I've updated that as well. Keep these suggestions coming! :-)