cross
New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists

Feature Proposal: Templates and Topics should use SCRIPTURLPATH

Motivation

See Support.Question1213. Even the SCRIPTURL macro documentation states "In most cases you should use SCRIPTURLPATH instead, as it works much better with URL rewriting."   We should follow our own guidance in the templates.

Description and Documentation

Currently the SCRIPTURL macro sets the "absolute" flag, so that it always returns absolute links. SCRIPTURPATH clears the "absolute" flag, causing it to fall back to "magic" in Foswiki::getScriptUrl()

The magic that forces absolute URLs currently is:
  • $this->inContext('command_line')
  • $this->inContext('absolute_urls')
It also is documented that setting either {ScriptUrlPath} and/or {ScriptUrlPaths}{script} to an absolute path will also force absolute URLs.

Examples

Impact

%WHATDOESITAFFECT%
edit

Implementation

  • Change all templates to use the SCRIPTURLPATH macro wherever possible.
  • Ensure that any existing plugins and operations that generate email properly enter the absolute_urls context. This includes MailerContrib, User Registration, Password Reset, etc.

-- Contributors: GeorgeClark - 18 Jan 2016

Discussion

CDot and I had a very brief discussion regarding this. The concern is that there might have been some security concerns for using absolute vs. relative URLs.

-- Main.GeorgeClark - 18 Jan 2016

Note that this also covers PUBURL and PUBURLPATH

-- GeorgeClark - 09 Feb 2016
 
Topic revision: r4 - 05 Dec 2017, GeorgeClark - This page was cached on 23 Jun 2018 - 07:00.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy