This question about Missing functionality: Answered

Finer grained control of %INCLUDE{"url"}?

It is great that you can turn on or off %INCLUDE{"url"}, but it would be nice if there were finer-grained control.

Ideally, this would be a regular expression controlling what URLs could be specified, but a good start might be to expand the configuration parameter to three options: Yes, no, and local. The new choice local would allow only URLs on the same system to be accessed. I know, that may not be as easy as it sounds, because of the ability to write weirdly convoluted URLs that most of us have seen in spam, but if local only allowed relatively straight-forward URLs, it could work.

I can obviously change my local copy of Foswiki/IncludeHandlers/http.pm, and even contribute my changes back, but in either case, I don't want to veer too far away from the direction that foswiki is heading, so I thought I'd post this question.

Does "local" seem like a logical first step? Should I just hack out a include_local_url plugin? What do folks think?

I think I'm just going to add an IncludeHandler and make up a URLish type thing; maybe local:// or file://, check that it doesn't have nasty characters in it, and point it at the web server. This is on an intranet, so I'm not too worried about hackers, but I will take some basic precautions.

-- DougClaar

Tricky. The main reason for not wanting to do this is that it is relatively easy to use it to redirect or misdirect URL requests. As you observe, weird and convoluted URLs are bread and butter to spammers and other criminals.

How about contributing back a contrib that has an alternate implementation of http.pm (or your alternative protocol)? That way someone can come along later and install your contrib to replace the default (paranoid) handling. I quite like the idea of a local: protocol handler, personally, though I'm sure some people would react strongly to the implied abuse of the RFCs.

-- CrawfordCurrie - 11 Mar 2010
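
The "yes / no / local, plus an optional regular expression" policy discussed in the posts above, as an added example; it is not the attached local.pm and not Foswiki code. The function name, the policy keys (`mode`, `local_hosts`, `allow`) and the sample host names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical policy check, not Foswiki's http.pm or its configuration keys.
#   mode        => 'no' | 'local' | 'yes'
#   local_hosts => host names that count as "this system" (for 'local')
#   allow       => optional qr// the whole URL must also match
sub include_url_allowed {
    my ( $url, $policy ) = @_;
    return 0 unless defined $url;
    return 0 unless ( $policy->{mode} // 'no' ) =~ /\A(?:local|yes)\z/;

    # Accept only one plain shape: http(s)://host[:port][/path][?query].
    # Anything else is refused: userinfo, backslashes, spaces, control
    # characters, percent escapes, fragments, IPv6 literals.
    return 0 unless $url =~ m{
        \A https? ://
        ( [A-Za-z0-9] (?: [A-Za-z0-9.-]* [A-Za-z0-9] )? )   # host
        (?: : ( [0-9]{1,5} ) )?                             # port
        ( / [A-Za-z0-9._~/-]* )?                            # path
        (?: [?] [A-Za-z0-9._~=&;-]* )?                      # query
        \z
    }x;
    my ( $host, $port, $path ) = ( lc $1, $2, $3 // '/' );

    return 0 if defined $port && $port > 65535;
    return 0 if $path =~ m{(?:\A|/)\.\.(?:/|\z)};    # no ".." segments

    # 'local' compares the parsed host exactly; no substring or suffix match.
    if ( $policy->{mode} eq 'local' ) {
        return 0 unless grep { $_ eq $host } @{ $policy->{local_hosts} || [] };
    }
    return 0 if $policy->{allow} && $url !~ $policy->{allow};
    return 1;
}

# Constructed sample URLs; wiki.example.test stands in for the local server.
my $policy = { mode => 'local', local_hosts => ['wiki.example.test'] };
for my $u (
    'http://wiki.example.test/pub/Main/notes.txt',       # plain local URL
    'http://wiki.example.test@other.example.test/',      # userinfo before host
    'http://wiki.example.test.other.example.test/',      # look-alike suffix
    'http://other.example.test/?u=wiki.example.test',    # name only in query
    'http://wiki.example.test/pub/../private/a.txt',     # ".." path segment
    'http://WIKI.example.test:8080/pub/a.txt',           # upper-case host, port
  )
{
    printf "%-6s %s\n", ( include_url_allowed( $u, $policy ) ? 'allow' : 'reject' ), $u;
}
```

A string check of this kind says nothing about where an HTTP redirect leads, so the code that fetches the URL has to refuse redirects or run each redirect target through the same check.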

Contributing a contrib ain't easy! Going over to the System.Contribs, I find that several of the topics are missing; the ones about setting up with SVN don't work...It's pretty frustrating for a new guy. I'm tempted to punt--I've got real work™ to do, and I've solved my company's problem--but I'll probably beat my head against the wall a bit more, it just won't happen very quickly. In the meantime, here's my solution: local.pm: lib/Foswiki/IncludeHandlers/local.pm - support for local: URL-ish thingie

-- DougClaar

Actually it is easy, if you know what to read; you started on a topic that hasn't been updated for a long time (I will raise a task to get it fixed). Start instead in ExtensionDeveloperGuide

Sadly if everyone walked away from contributing because of a lack of documentation, there would be no free software for your company to use.

-- CrawfordCurrie - 13 Mar 2010

That's why I whined. :-) Knowing what to read is the key, or rather, finding what to read!

Here's what I did: I wanted to know "how do I create a contrib?" So I searched for "contrib". The System.Contribs page showed up, and it seemed to be the closest match. BTW, I have contributed to several different open source efforts, although many of those are structured so that you can provide a patch to the maintainer, and it magically gets incorporated, which makes the barrier to entry particularly low.

I'll head off and check out the link you pointed to, and beat on it some more!

-- DougClaar - 13 Mar 2010

QuestionForm

Subject Missing functionality
Extension
Version Foswiki 1.0.9
Status Answered
Topic attachments

Attachment local.pm
Size 4 K
Date 12 Mar 2010 - 21:05
Who DougClaar
Comment lib/Foswiki/IncludeHandlers/local.pm - support for local: URL-ish thingie

Topic revision: r7 - 14 Mar 2010, DougClaar