[Lispweb] Araneida branch release 0.9-a1
Alan Shields
Alan-Shields at omrf.ouhsc.edu
Thu Aug 25 17:28:40 CDT 2005
First off, apologies to Marco - you're not a single shot pistol
(Derringer). I'll try to spell your last name correctly from now on.
Secondly, I've wrapped up my changes and those changes contributed to me
into a release for Araneida. I'm calling it 0.9-a1. Catchy, no?
Changelog from last official release to now included below. It's a bit
of a beast, sorry. Some of it is my fiddling around with automated
testing for Araneida.
Major changes and features:
* araneida-repl package
Adds a small spot for utilities useful(?) at the repl. Includes
SHOW-HANDLER-HIERARCHY and SHOW-LISTENER-HANDLERS, both useful for
seeing what's being handled.
* 404 errors include the url that was not found
* Got rid of a bunch of implicit generic warnings
* Petri's patches to generate lowercase html (part of move to XHTML)
with better spacing
* Petri's bugfixes for listening-p and more RFC-compliant HTTP
generation.
* Now with full cookie handling! (see doc/cookies.html )
* Now with (optional) parameter value tainting and documentation!
(see doc/request_parameters.html )
Araneida Cliki Page:
http://cliki.net/araneida
Tar file:
http://code.microarray.omrf.org/araneida/araneida-latest.tar.gz
Darcs repository:
http://code.microarray.omrf.org/darcs/alan-araneida/
Browseable darcs repository:
http://code.microarray.omrf.org/cgi-bin/darcs.cgi/alan-araneida/?c=browse
Patches:
Alan-Shields at omrf.ouhsc.edu
The tar file includes a checkpointed, partial, no-pristine darcs
repository, suitable for making patches and updating to current.
This work was made possible by my employers, the Oklahoma Medical
Research Foundation (Centola Lab).
I hope some find this useful,
Alan Shields
Changelog:
Thu Aug 25 16:51:57 CDT 2005 Alan-Shields at omrf.ouhsc.edu
tagged araneida-version-0.9-a1
Thu Aug 25 16:51:27 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Update version for 0.9-a1
Thu Aug 25 16:49:57 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Add documentation on request URL parameters as well as tainting them
Thu Aug 25 16:11:38 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Remove all the rfc2109 stuff we Just Don't Need
Thu Aug 25 15:15:54 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Resolve test.sh conflict between rfc2109 and araneida
Thu Aug 25 15:06:51 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* rfc2109 - Marco applied the 5am patch, changed keyword
Marco wanted the feature keyword to be 5am. Less typing for me!
Thu Aug 25 11:59:56 CDT 2005 rich at holygoat.co.uk
* Ensure that input to destructuring-bind in parse-cookies-vnetscape is a 2-element list.
Thu Aug 25 14:39:02 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Update safe-parse-cookie to properly nconc instead of append - thanks Richard!
Whoops. I fixed the regular version but not the safe version. Heck of a lot of good that does.
Thu Aug 11 17:18:15 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* rfc2109: Add basic testing and a tester
Decided to add a basic testing framework - mostly because I'm mucking about
with parsing and another library, want something to let me know when I've
REALLY screwed up.
Please note that the current stable version of FiveAM will not run these tests,
as it doesn't have the *features* that are needed to define them. I've submitted
a patch to Marco, we'll see if he adds it.
Fri Aug 19 17:56:16 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Export taint and untaint
Fri Aug 19 17:55:24 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Further updates to taint parameters
I wasn't tainting values, I was tainting the list of values. This has been fixed.
Fri Aug 19 14:54:46 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Fix to taint because of ASDF dependencies. Whoops.
Fri Aug 19 14:47:57 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Add tainted variants of query functions and optional warnings when not using them
So as to increase safety (and make some code cleaner, I've found), make tainted
versions of url-query-param and url-query-alist. Share and enjoy!
Fri Aug 19 14:20:33 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* cl-taint: add the core functionality (really simple, no?)
Adds a small, small library for tainting and untainting values.
I hope to add tainted versions of parameter fetching
Fri Aug 19 14:08:55 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Correct minor whoops regarding cookies
Fri Aug 19 14:08:16 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Update cookie documentation to reflect new understanding of domain cookies
Fri Aug 19 13:52:15 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Optional condition to signal when cookie not found
In some code it's easier to assume the cookie is found and have a
signal handler for when it's not. This adds a parameter to the cookie
fetching routines that enables the signaling of said condition.
Share and enjoy.
Wed Aug 10 17:31:25 CDT 2005 Alan-Shields at omrf.ouhsc.edu
tagged rfc2109-version-0.3
Wed Aug 10 17:31:01 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* rfc2109: update changelog for release
Wed Aug 10 17:27:25 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* rfc2109: update version number for release
Don't really know how I missed updating the version number for 0.2 and 0.2.1...
Wed Aug 10 17:20:04 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* rfc2109: add a note about Moz and IE's lack of RFC compliance
Mozilla, Links, and IE all have a problem with quoted PATHs. As quoted paths
are demanded by the RFC, there's really no way around this. Luckily, Moz
has this fixed in latest alpha. Note added to docs as well as workaround suggestion.
Bug reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=277033
There is the option of adding a bonus-points-compatible-cookie-string option for
outputing compatible code, but I would really rather not go down that road.
Output strict, accept loose.
Wed Aug 10 17:18:08 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* rfc2109: Update safe-parse-cookies using new understanding of domain cookies
After sorting out what the issue was with explicit domains, update safe-parse-cookies
(mostly documentation) to reflect this knowledge.
Wed Aug 10 15:09:05 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* rfc2109: redefine valid domain based on a re-reading of 4.3.2
w3m and the Mozilla bugs set me straight on the reading of 4.3.2.
This patch requires an explicitly defined domain for domain, meaning
it must be:
a value
start with a "."
and contain an embedded "."
Wed Aug 10 17:56:17 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* araneida: swap THREAD-ALIVE-P for UNIX-KILL
On the advice of Friedrich Dominicus <frido at q-software-solutions.de>,
swapping thread-alive-p for unix-kill makes things work on Debian for AMD64.
Seems to work for me as well - by which I mean it compiles.
Mon Aug 8 16:59:18 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Add documentation on cookies
Shows basically how to use cookies and how to use the spoofing protections.
Mon Aug 8 16:27:46 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Use RFC2109 for parsing cookies - should be drop-in replacement for current cookie code
Thu Aug 4 16:59:56 CDT 2005 Alan-Shields at omrf.ouhsc.edu
tagged version-0.2.1
Thu Aug 4 16:58:42 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Add a changelog - I'll update it each release
Thu Aug 4 16:57:26 CDT 2005 Alan-Shields at omrf.ouhsc.edu
tagged version-0.2
Thu Aug 4 16:55:58 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Implement domain-match-p
While debugging an issue with w3m and cookies (which hasn't gone away, btw),
I needed to check my knowledge of a "domain-match" - I've included the function
in case others find it useful.
Thu Aug 4 16:53:36 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* parse-cookie-string needs to allow quoted strings inside it
Wrote a small tokenizer that splits - taking into account quoted strings.
We're really getting to the point that a pattern language would be useful.
Anyways, it works well, now.
Thu Aug 4 16:52:46 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* No longer demand domains of the style ".blah.blah"
Turns out that the RFC allows (in fact desires) domains of the style "blah.blah",
so those are now legal.
Thu Aug 4 16:49:59 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Fix QUOTED-STRING? to take into account escaped quotes
You know, I wrote a function to remove escaped quotes from a string...
amazing that I didn't use it. Now I do.
Also, I tucked the helper function for removing escaped quotes into
the function that uses it. Much cleaner that way.
Thu Aug 4 14:09:39 CDT 2005 Alan-Shields at omrf.ouhsc.edu
tagged version-0.1
Thu Aug 4 14:07:43 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* ASDF package
Wed Aug 3 19:36:05 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Mention split-sequence
Wed Aug 3 19:30:30 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Parse Netscape-style cookies
Wed Aug 3 19:29:56 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Wrap assemble-matches in an eval-when so it's available at macro time
Wed Aug 3 19:28:44 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Quiet the compiler about *ht* *cr* and *lf*
SBCL was whining about vars being used before they're declared. Sensible, I suppose.
Moved and made a note.
Wed Aug 3 18:56:48 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Parse cookies
We now parse RFC2109 cookies. We don't parse old Netscape cookies just yet.
Wed Aug 3 18:55:38 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Swap arefs for elts when accessing strings
Wed Aug 3 16:44:49 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Tiny patch - update comment for domain
Wed Aug 3 16:32:57 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* cookie-struct
Add a structure for cookies, for those who like that sort of thing.
Wed Aug 3 16:29:54 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Fix token? and quoted-string? to account for empty and non-empty strings
The specification for tokens says that they must be at least one character.
Fixed.
The specification for quoted strings says that the empty quoted string is
acceptible. Fixed. So we can now have "" values.
Wed Aug 3 15:23:46 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Include the license text and some bookmark-like strings
Marco suggested that I include the license text in its entirety.
Also included some text strings that are easy to find so as to get
to the most externally-relevant code.
Mon Aug 8 15:44:14 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Turn off testing
Okay, run test.sh by hand if you care. It was just getting annoying to
work with. I'll run it by hand before I commit, but other people don't
have SBCL.
Tue Aug 2 18:59:51 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Move rfc2109 into utilities where it belongs
Tue Aug 2 18:39:48 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Initial creation of rfc2109.lisp
Basic functionality works - you can create RFC compliant cookies.
Tue Jul 5 18:00:49 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* test.lisp "works" on SBCL
Implements my-quit, to abstract away quitting - only works for SBCL right now.
Get rid of the debugger, just quit instead.
Block some SBCL-specific warnings, get muffle warning working, and that yields
a working test!
Tue Jul 5 17:02:30 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Fix muffle-warning error in test.lisp, re-enable muffled warnings
Turns out that muffle-warning is a restart that I needed to add. I added it.
Cleans up output beautifully, though SBCL shows that 2 important errors are caught.
I think those are the "cannot optimize" errors that used to show up.
Tue Jul 5 16:19:13 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Add documentation string for +allowed-url-symbols+
Tue Jul 5 16:09:01 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* +allowed-url-symbols+ as parameter, not constant
reference http://www.sbcl.org/manual/Defining-Constants.html#Defining%20Constants
defconstant ran into trouble on compile/load, due to the issues described in the above document
(basically being compiled then loaded produces an undefined situation for constants. Joy, no?).
This could be solved either by a macro to only define the constant once, or by making the constant
a parameter. I went with the latter option.
Tue Jul 5 15:57:12 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Temporarily eliminate all references to muffle-warning
For some reason, muffle-warning is not available. I'll have to come back through
and make it available. In the meantime, make things work.
Tue Jun 28 14:38:45 CDT 2005 petri.latvala at realityescape.net
* Generate lower-case HTML with less redundant spaces
Tue Jun 28 16:19:18 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Basic "does-it-compile" testing, with error counting.
Add the ability to check and make sure that the araneida system
in the current directory does - in fact - compile.
A report is generated at the end with a count of errors.
The script will error out with 1 if any serious conditions are encountered
while compiling.
Sun Jun 26 22:13:37 CDT 2005 petri.latvala at realityescape.net
* Export request-response-logging
Sun Jun 26 07:56:31 CDT 2005 petri.latvala at realityescape.net
* Stop-listening didn't make listening-p return t because it didn't setf the socket to nil
Sun Jun 26 07:54:13 CDT 2005 petri.latvala at realityescape.net
* The end of headers needs to be CRLFCRLF, not CRLFLF
Fri Jun 24 10:38:08 CDT 2005 Petri Latvala <petri.latvala at realityescape.net>
* Minor typo corrections
Thu Jun 16 19:17:56 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Eliminate implicit generic style warnings by adding generics - also includes some extra documentation
Moved docstrings from methods to generics, added necessary generics, etc, etc, etc. Documentation
should exist for all the generics I added...though maybe not.
Thu Jun 16 19:08:49 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* Include the request-url for errors
404 errors were difficult to track down, as they only showed up as "404". So I
altered error reporting to include the URL requested.
Thu Jun 16 17:55:41 CDT 2005 Alan-Shields at omrf.ouhsc.edu
* araneida-repl-create
Create the araneida-repl directory, and include the first functions that
are designed to be used from the repl to get information about araneida.
I suppose that these could be useful outside of the repl, but I didn't think
cluttering up araneida proper was such a great idea.
More information about the lispweb
mailing list