Re: [Zope] Prevent recursive and multiple URLs in Zope
Hello Dieter

Thank you very much for your answer!

>> a) Philosophically: As the name "UNIQUE resource locator" already says: it is generally not good to have the same content available via different locators.

> Maybe, your philosophical argument is weakened when you learn that URL stands for "*UNIVERSAL* resource locator".

Uh-oh, bad one ;-) Sorry for this.

> It is quite common to have the same resource accessed through different URLs: often the same resource can be accessed both via HTTP and FTP, often the same (local) resource can be accessed with the "file", the "ftp" and the "http" protocol, often the same resource can be accessed via both "ftp" and "webdav" (which is HTTP based).

Yeah, and some sites are also mirrored in different locations, and so on. This makes sense, of course.

But: I am talking about "different URLs for the same thing on the same protocol on the same location". And I still insist: I feel uneasy if I know my stuff is accessible under a fantasy URL like http://mydomain/my_stuff/index_html/my_stuff/index_html/my_stuff/index_html/... (ad infinitum)

>> b) Technically: Working with relative links becomes unreliable and dangerous. Problem #1 causes a relative URL to sometimes work and sometimes not work, depending on whether the visitor accesses "foo/bar/" or "foo/bar".

> Only, when you do strange strings. Usually, Zope sets the HTML base tag, such that it does not matter whether the user uses "foo/bar/" or "foo/bar".

It does? Not with my installation (2.5)! I am using the default header/footer, or looking at a zpt page (with the default code auto-created after adding it) - no base href appears. Is this a setting I must change?

>> Problem #2 makes relative links to be the door to infinite recursion. A simple link like "<a href="foo/">clickme</a>" will be the trap, where dumb spiders will lose themselves in an infinite loop (this was discussed shortly on this list under the subject "htdig indexing problem").

> When you use relative links in the same way you are forced to do it in a file system based publishing environment, there will be no infinite recursion. Simply avoid relative links containing a "/" not preceded by "..". Use an absolute URL otherwise.

Ok, but who can guarantee me that anybody working with the system (especially the non-technical guys) will always stick to this rule? Nobody! Errare humanum est. Unless I validate all user-generated code I can't expect this is done in a correct way all the time.

> You may also learn about SiteAccess AccessRules (--> documentation on Zope.org).

As I wrote I already checked this out: "I tried to do it using an Access Rule with SiteAccess2, but this doesn't seem to lead to a sensible solution, because an Access Rule is invoked when a folder is traversed FIRST, and in this moment it is not known which type of object the URL will call at last. So there should be something like an Access Rule to be called _at the very end_ of the traversal/acquisition process."

Kind regards,
Urs

-------------------------
Urs van Binsbergen
van.binsbergen@taktik.ch
bureau taktik GmbH
Zentralstrasse 76b
8003 Zürich
Phone 01 450 34 05
-------------------------
Urs van Binsbergen writes:
...
>>> b) Technically: Working with relative links becomes unreliable and dangerous. Problem #1 causes a relative URL to sometimes work and sometimes not work, depending on whether the visitor accesses "foo/bar/" or "foo/bar".

>> Only, when you do strange strings. Usually, Zope sets the HTML base tag, such that it does not matter whether the user uses "foo/bar/" or "foo/bar".

> It does? Not with my installation (2.5)! I am using the default header/footer, or looking at a zpt page (with the default code auto-created after adding it) - no base href appears. Is this a setting I must change?

Zope will only add a "base" tag when it (implicitly) changed the URL (e.g. by appending "index_html").

I have almost the same Zope version (2.5.1) and it does it for me. Moreover, it is a very old feature. It is very unlikely that recent Zope versions (from 2.1.6 onwards) do it differently.

>> When you use relative links in the same way you are forced to do it in a file system based publishing environment, there will be no infinite recursion. Simply avoid relative links containing a "/" not preceded by "..". Use an absolute URL otherwise.

> Ok, but who can guarantee me that anybody working with the system (especially the non-technical guys) will always stick to this rule? Nobody! Errare humanum est. Unless I validate all user-generated code I can't expect this is done in a correct way all the time.

Then check for them.

>> You may also learn about SiteAccess AccessRules (--> documentation on Zope.org).

> As I wrote I already checked this out: "I tried to do it using an Access Rule with SiteAccess2 ...

You should read my responses more carefully ;-)

I said, forget about the trailing "/" URL problem (you correctly found out, that SiteAccess can not help you with this). Look at SiteAccess. Of course, this refers only to the remaining second problem, the repeated URL segments. Here, SiteAccess can help you...

Dieter
participants (2): Dieter Maurer, Urs van Binsbergen
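One way to automate the "Then check for them" suggestion from the thread, as an added example that is not code from either poster or from Zope. It reads the rule literally (every "/" in a relative link must be preceded by "..", with "./" also tolerated as an assumption) and adds a heuristic for spotting repeated path segments in requested URLs; all function names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def violates_rule(href):
    """True if a relative link contains a "/" that is not preceded by ".."."""
    parts = urlsplit(href)
    if parts.scheme or parts.netloc or parts.path.startswith("/"):
        return False  # absolute URL or site-absolute path: the rule allows these
    segments = parts.path.split("/")
    # Every segment followed by a "/" must be ".." ("." is tolerated, assumption).
    return any(seg not in ("..", ".") for seg in segments[:-1])


class LinkAudit(HTMLParser):
    """Collects (line, href) for every <a href> that breaks the rule."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href and violates_rule(href):
            self.findings.append((self.getpos()[0], href))


def audit(html):
    """Return the rule-breaking links found in user-supplied HTML."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


def repeated_segments(path):
    """Heuristic for access logs: path segments that occur more than once."""
    seen, repeats = set(), []
    for seg in path.split("/"):
        if seg and seg in seen and seg not in repeats:
            repeats.append(seg)
        seen.add(seg)
    return repeats


# Constructed sample page, not taken from the thread.
SAMPLE = """<p>
<a href="foo/">clickme</a>
<a href="../other">up</a>
<a href="/my_stuff/index_html">absolute path</a>
<a href="foo/bar">nested</a>
</p>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(repeated_segments("/my_stuff/index_html/my_stuff/index_html"))
```

The segment check is only a heuristic: a site whose legitimate paths reuse a folder name at different depths would need an allow-list.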