 |
|
You are here: Foswiki>Support Web>SupportQuestions>Question461 (14 Mar 2010, DougClaar)Edit Attach
This question about Missing functionality: Answered
Finer grained control of %INCLUDE{"url"}?
It is great that you can turn on or off%INCLUDE{"url"}, but it would be nice if there were finer-grained control.
Ideally, this would be a regular expression controlling what URLs could be specified, but a good start might be to expand the configuration parameter to three options: Yes, no, and local. The new choice local would allow only URLs on the same system to be accessed. I know, that may not be as easy as it sounds, because of the ability to write weirdly convoluted URLs that most of us have seen in spam, but if local only allowed relatively straight-forward URLs, it could work.
I can obviously change my local copy of Foswiki/IncludeHandlers/http.pm, and even contribute my changes back, but in either case, I don't want to veer too far away from the direction that foswiki is heading, so I thought I'd post this question.
Does "local" seem like a logical first step? Should I just hack out a include_local_url plugin? What do folks think?
I think I'm just going to add an IncludeHandler and make up a URLish type thing; maybe local:// or file://, check that it doesn't have nasty characters in it, and point it at the web server. This is on an intranet, so I'm not too worried about hackers, but I will take some basic precautions.
-- DougClaar
Tricky. The main reason for not wanting to do this is that it is relatively easy to use it to redirect or misdirect URL requests. As you observe, weird and convoluted URLs are bread and butter to spammers and other criminals.
How about contributing back a contrib that has an alternate implementation of http.pm (or your alternative protocol)? That way someone can come along later and install your contrib to replace the default (paranoid) handling. I quite like the idea of a local: protocol handler, personally, though I'm sure some people would react strongly to the implied abuse of the RFCs.
-- CrawfordCurrie - 11 Mar 2010
Contributing a contrib ain't easy! Going over to the System.Contribs, I find that several of the topics are missing; the ones about setting up with SVN don't work...It's pretty frustrating for a new guy. I'm tempted to punt--I've got real work™ to do, and I've solved my company's problem--but I'll probably beat my head against the wall a bit more, it just won't happen very quickly. In the meantime, here's my solution: local.pm: lib/Foswiki/IncludeHandlers/local.pm - support for local: URL-ish thingie
-- DougClaar
Actually it is easy, if you know what to read; you started on a topic that hasn't been updated for a long time (I will raise a task to get it fixed). Start instead in ExtensionDeveloperGuide
Sadly if everyone walked away from contributing because of a lack of documentation, there would be no free software for your company to use.
-- CrawfordCurrie - 13 Mar 2010
That's why I whined. 
Knowing what to read is the key, or rather, finding what to read!
Here's what I did: I wanted to know "how do I create a contrib?" So I searched for "contrib". The System.Contribs page showed up, and it seemed to be the closest match.
BTW, I have contributed to several different open source efforts, although many of those are structured so that you can provide a patch to the maintainer, and it magically gets incorporated, which makes the barrier to entry particularly low.
I'll head off and check out the link you pointed to, and beat on it some more!
-- DougClaar - 13 Mar 2010
QuestionForm edit
| Subject | Missing functionality |
| Extension | |
| Version | Foswiki 1.0.9 |
| Status | Answered |
Edit | Attach | Print version | History: r7 < r6 < r5 < r4 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r7 - 14 Mar 2010, DougClaar
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. 
Legal Imprint Privacy Policy
Legal Imprint Privacy Policy