oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Re-adding (conditional) cookie baking. I'm not sure anyone has been successfully testing SVN WebGUI since it was removed.

Browse source 
Moving cookies out of session::open into contentHandler (they already were in uploadsHandler).  
Eliminating opening a new visitor session and then converting it to the actual user session for every single request by making two Session.pm methods public instead of private.
Added NOT_FOUND to the list of exported from Const.
Fixing a small bug in File.pm.  
Fixed some spacing/tabs/formatting issues in various places.
This autocomplete in TortoiseSVN is really nifty.
This commit is contained in:
Matthew Wilson 2005-11-19 23:30:52 +00:00
parent 5a754e2241
commit 818ff2608c
5 changed files with 103 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

124
lib/WebGUI.pm
View file

@ -17,6 +17,7 @@ use Tie::CPHash;
use WebGUI::Affiliate;
use WebGUI::Asset;
use WebGUI::Cache;
use WebGUI::Config;
use WebGUI::ErrorHandler;
use WebGUI::Grouping;
use WebGUI::HTTP;
@ -24,6 +25,7 @@ use WebGUI::International;
use WebGUI::Operation;
use WebGUI::Privilege;
use WebGUI::Session;
use WebGUI::Setting;
use WebGUI::SQL;
use WebGUI::Style;
use WebGUI::URL;
@ -32,13 +34,13 @@ use WebGUI::PassiveProfiling;
use Apache2::Request;
use Apache2::RequestRec ();
use Apache2::RequestIO ();
use Apache2::Const -compile => qw(OK DECLINED);
use Apache2::Const -compile => qw(OK DECLINED NOT_FOUND);
use Apache2::ServerUtil ();
#-------------------------------------------------------------------
sub handler {
my $r = shift;
my $s = Apache2::ServerUtil->server;
my $r = shift;
my $s = Apache2::ServerUtil->server;
my $config = WebGUI::Config::getConfig($s->dir_config('WebguiRoot'),$r->dir_config('WebguiConfig'));
foreach my $url ($config->{extrasURL}, @{$config->{passthruUrls}}) {
return Apache2::Const::DECLINED if ($r->uri =~ m/^$url/);
@ -46,24 +48,42 @@ sub handler {
my $uploads = $config->{uploadsURL};
if ($r->uri =~ m/^$uploads/) {
$r->handler('perl-script');
$r->set_handlers(PerlAccessHandler => \&uploadsHandler);
$r->set_handlers(PerlAccessHandler => \&uploadsHandler);
} else {
$r->handler('perl-script');
$r->set_handlers(PerlResponseHandler => \&contentHandler);
$r->set_handlers(PerlTransHandler => sub { return Apache2::Const::OK });
$r->handler('perl-script');
$r->set_handlers(PerlResponseHandler => \&contentHandler);
$r->set_handlers(PerlTransHandler => sub { return Apache2::Const::OK });
}
return Apache2::Const::DECLINED;
return Apache2::Const::DECLINED;
}
#-------------------------------------------------------------------
sub contentHandler {
### The following items must be in precisely the following order
# because each line depends on something from the previous line.
### inherit Apache request.
my $r = shift;
my $s = Apache2::ServerUtil->server;
WebGUI::HTTP::getCookies();
WebGUI::Session::open($s->dir_config('WebguiRoot'),$r->dir_config('WebguiConfig'),$r);
### Instantiate the API for this httpd instance.
my $s = Apache2::ServerUtil->server;
### Open new or existing user session based on user-agent's cookie.
WebGUI::Session::open($s->dir_config('WebguiRoot'),$r->dir_config('WebguiConfig'),0);
### Apache2::Request object
$session{req} = Apache2::Request->new($r, POST_MAX => 1024 * $session{setting}{maxAttachmentSize});
$session{req} = Apache2::Request->new($r, POST_MAX => 1024 * $session{setting}{maxAttachmentSize});
### Sets $session{cookie} as a hashref of the cookies.
WebGUI::HTTP::getCookies();
### Change current user to user specified in wgSession cookie.
if ($session{cookie}{wgSession} eq "") {
WebGUI::Session::start(1); #setting up a visitor session
} else {
WebGUI::Session::setupSessionVars($session{cookie}{wgSession});
}
### current user's account and profile information (from users and userProfileData tables)
WebGUI::Session::setupUserInfo($session{var}{userId});
### Add wgSession cookie to header iff it's not already on the client.
WebGUI::HTTP::setCookie("wgSession",$session{var}{sessionId}) unless ($session{var}{sessionId} eq $session{cookie}{wgSession});
### Add Apache Request stuff to Session
$session{wguri} = $r->uri;
### check to see if client is proxied and adjust remote_addr as necessary
@ -85,13 +105,13 @@ sub contentHandler {
my $output = page();
WebGUI::Affiliate::grabReferral(); # process affilliate tracking request
if (WebGUI::HTTP::isRedirect()) {
$output = WebGUI::HTTP::getHeader();
} else {
$output = WebGUI::HTTP::getHeader().$output;
if (WebGUI::ErrorHandler::canShowDebug()) {
$output = WebGUI::HTTP::getHeader();
} else {
$output = WebGUI::HTTP::getHeader().$output;
if (WebGUI::ErrorHandler::canShowDebug()) {
$output .= WebGUI::ErrorHandler::showDebug();
}
}
}
}
$r->print($output);
}
WebGUI::Session::close();
@ -134,14 +154,14 @@ sub page {
}
#-------------------------------------------------------------------
#-------------------------------------------------------------------
sub processOperations {
my ($cmd, $output);
my $op = $session{form}{op};
my $opNumber = shift || 1;
if ($op) {
if ($op) {
$output = WebGUI::Operation::execute($op);
}
}
$opNumber++;
if ($output eq "" && exists $session{form}{"op".$opNumber}) {
my $urlString = WebGUI::URL::unescape($session{form}{"op".$opNumber});
@ -162,47 +182,51 @@ sub processOperations {
sub setup {
require WebGUI::Operation::WebGUI;
my $output = WebGUI::Operation::WebGUI::www_setup();
return WebGUI::HTTP::getHeader().$output;
return WebGUI::HTTP::getHeader().$output;
}
#-------------------------------------------------------------------
sub uploadsHandler {
my $r = shift;
my $s = Apache2::ServerUtil->server;
my $s = Apache2::ServerUtil->server;
my $ok = Apache2::Const::OK();
my $notfound = Apache2::Const::NOT_FOUND();
if (-e $r->filename) {
my $path = $r->filename;
$path =~ s/^(\/.*\/).*$/$1/;
if (-e $path.".wgaccess") {
my $fileContents;
open(FILE,"<".$path.".wgaccess");
while (<FILE>) {
$fileContents .= $_;
}
close(FILE);
my @privs = split("\n",$fileContents);
unless ($privs[1] eq "7" || $privs[1] eq "1") {
WebGUI::HTTP::getCookies();
WebGUI::Session::open($s->dir_config('WebguiRoot'),$r->dir_config('WebguiConfig'),$r);
### Apache2::Request object
$session{req} = $r;
WebGUI::Session::refreshSessionVars($session{cookie}{wgSession});
my $hasPrivs = ($session{user}{userId} eq $privs[0] || WebGUI::Grouping::isInGroup($privs[1]) || WebGUI::Grouping::isInGroup($privs[2]));
WebGUI::Session::close();
my $notfound = Apache2::Const::NOT_FOUND();
if (-e $r->filename) {
my $path = $r->filename;
$path =~ s/^(\/.*\/).*$/$1/;
if (-e $path.".wgaccess") {
my $fileContents;
open(FILE,"<".$path.".wgaccess");
while (<FILE>) {
$fileContents .= $_;
}
close(FILE);
my @privs = split("\n",$fileContents);
unless ($privs[1] eq "7" || $privs[1] eq "1") {
### Apache2::Request object
$session{req} = Apache2::Request->new($r);;
WebGUI::HTTP::getCookies();
WebGUI::Session::open($s->dir_config('WebguiRoot'),$r->dir_config('WebguiConfig'),0);
if ($session{cookie}{wgSession} eq "") {
WebGUI::Session::start(1); #setting up a visitor session
} else {
WebGUI::Session::setupSessionVars($session{cookie}{wgSession});
}
$session{req}->user($session{var}{username}) if $session{req};
my $hasPrivs = ($session{var}{userId} eq $privs[0] || WebGUI::Grouping::isInGroup($privs[1]) || WebGUI::Grouping::isInGroup($privs[2]));
WebGUI::Session::close();
if ($hasPrivs) {
return $ok;
} else {
return 401;
}
}
}
return $ok;
} else {
return $notfound;
}
}
}
return $ok;
} else {
return $notfound;
}
}

2
lib/WebGUI/Asset/File.pm
View file

@ -197,7 +197,7 @@ sub processPropertiesFromFormPost {
$self->SUPER::processPropertiesFromFormPost;
delete $self->{_storageLocation};
my $storage = $self->getStorageLocation;
my $filename = $storage->addFileFromFormPost("file");
my $filename = $storage->addFileFromFormPost("file",1);
if (defined $filename) {
my %data;
$data{filename} = $filename;

2
lib/WebGUI/Asset/FilePile.pm
View file

@ -173,7 +173,7 @@ sub editSave {
$data{storageId} = $storage->getId;
$data{filename} = $data{title} = $data{menuTitle} = $filename;
$data{templateId} = 'PBtmpl0000000000000024';
$data{templateId} = 'PBtmpl0000000000000088' if ($className eq "WebGUI::Asset::File::Image");
$data{templateId} = 'PBtmpl0000000000000088' if ($className eq "WebGUI::Asset::File::Image");
$data{url} = $class->getParent->getUrl.'/'.$filename;
my $newAsset = $class->getParent->addChild(\%data);
delete $newAsset->{_storageLocation};

45
lib/WebGUI/Session.pm
View file

@ -44,7 +44,7 @@ This package is the heart and lifeblood of WebGUI. Without it WebGUI could not e
B<NOTE:> It is important to distinguish the difference between a WebGUI session and a user session. A user session is attached to a WebGUI session. A WebGUI session is all of the basic data the WebGUI needs to operate.
TIP: The $session variable is a case-insensitive hash. The contents of the has vary, but can be seen by adding debug=1 to the end of any WebGUI URL while logged in as an admin user.
TIP: The $session variable is a case-insensitive hash. The contents of the hash vary, but can be seen by enabling debug output in the Settings.
=head1 SYNOPSIS
@ -70,7 +70,7 @@ These subroutines are available from this package:
#-------------------------------------------------------------------
sub _setupSessionVars {
sub setupSessionVars {
my (%vars, $uid);
tie %vars, 'Tie::CPHash';
if ($_[0] ne "") {
@ -81,21 +81,21 @@ sub _setupSessionVars {
}
if ($vars{sessionId} ne "") {
$session{scratch} = WebGUI::SQL->buildHashRef("select name,value from userSessionScratch
where sessionId=".quote($_[0]));
WebGUI::SQL->write("update userSession set lastPageView=".time().", lastIP='$session{env}{REMOTE_ADDR}',
where sessionId=".quote($_[0]));
WebGUI::SQL->write("update userSession set lastPageView=".time().", lastIP='$session{env}{REMOTE_ADDR}',
expires=".(time()+$session{setting}{sessionTimeout})." where sessionId='$_[0]'");
} else {
$vars{sessionId} = start(1,$_[0]);
}
}
}
$session{var} = \%vars;
}
#-------------------------------------------------------------------
sub _setupUserInfo {
sub setupUserInfo {
my $u = WebGUI::User->new(shift);
%{$session{user}} = (%{$u->{_profile}}, %{$u->{_user}});
# $session{req}->user($session{user}{username});
$session{req}->user($session{user}{username}) if $session{req};
$session{user}{alias} = $session{user}{username} if ($session{user}{alias} =~ /^\W+$/ || $session{user}{alias} eq "");
}
@ -253,7 +253,7 @@ sub isAdminOn {
#-------------------------------------------------------------------
=head2 open ( webguiRoot, configFile [ , fastcgi ] )
=head2 open ( webguiRoot, configFile [, instantiateUser ] )
Opens a closed ( or new ) WebGUI session.
@ -265,16 +265,22 @@ The path to the WebGUI files.
The filename of the config file that WebGUI should operate from.
=head3 fastcgi
=head4 instantiateUser
A pointer to a Fast CGI object.
Whether or not this session should instantiate the user. Defaults to yes.
Is set to "no" (0) by WebGUI::contentHandler().
=cut
sub open {
my $webguiRoot = shift;
my $configFile = shift;
my ($key);
my $instantiateUser = shift || 1;
###----------------------------
### config variables
$session{config} = WebGUI::Config::getConfig($webguiRoot,$configFile);
###----------------------------
### operating system specific things
$session{os}{name} = $^O;
@ -286,10 +292,8 @@ sub open {
$session{os}{slash} = "/";
}
###----------------------------
### config variables
$session{config} = WebGUI::Config::getConfig($webguiRoot,$configFile);
###----------------------------
### default database handler object
# use of Apache::DBI is recommended, but is not guaranteed here.
$session{dbh} = DBI->connect($session{config}{dsn},$session{config}{dbuser},$session{config}{dbpass},{ RaiseError=>0,AutoCommit=>1 });
if ( $session{config}{dsn} =~ /Oracle/ ) { # Set Oracle specific attributes
$session{dbh}->{LongReadLen} = 512 * 1024;
@ -301,22 +305,25 @@ sub open {
}
}
###----------------------------
### evironment variables from web server
### environment variables from web server
$session{env} = \%ENV;
###----------------------------
### global system settings (from settings table)
$session{setting} = WebGUI::Setting::get();
return 1 unless $instantiateUser;
###----------------------------
### session variables
if ($session{cookie}{wgSession} eq "") {
start(1); #setting up a visitor session
} else {
_setupSessionVars($session{cookie}{wgSession});
setupSessionVars($session{cookie}{wgSession});
}
###----------------------------
### current user's account and profile information (from users and userProfileData tables)
_setupUserInfo($session{var}{userId});
setupUserInfo($session{var}{userId});
}
#-------------------------------------------------------------------
@ -351,7 +358,7 @@ The session id to update.
=cut
sub refreshSessionVars {
_setupSessionVars($_[0]);
setupSessionVars($_[0]);
refreshUserInfo($session{var}{userId});
}
@ -370,7 +377,7 @@ Refreshes the user's information from the database into this user session.
sub refreshUserInfo {
my $userId = shift;
WebGUI::Cache->new(["user",$userId])->delete;
_setupUserInfo($userId);
setupUserInfo($userId);
$session{isInGroup} = ();
}

2
lib/WebGUI/Storage.pm
View file

@ -202,7 +202,7 @@ sub addFileFromFormPost {
my $filename;
my $attachmentCount = 1;
foreach my $upload ($session{req}->upload($formVariableName)) {
last if $attachmentCount > $attachmentLimit;
return $filename if $attachmentCount > $attachmentLimit;
my $tempPath = $upload->tempname();
$filename = $upload->filename();
next unless $filename;