[Zope-CMF] Re: [Zope] Preventing duplicates in ZCatalog

Oliver Bleutgen myzope@gmx.net
Wed, 23 Apr 2003 19:03:39 +0200


Wankyu Choi wrote:
>>>/Board/a_1			-> /a_1
>>>/Board/Board/a_1		-> /Board/a_1
>>>/Board/Board/Board/a_1		-> /Board/Board/a_1
>>>...
> 
> 
>>Another remark, there really shouldn't be links which insert _any_ 
>>unnecessary acquisition, like /Board/Board/Board , because it could lead 
>>to infinite recursion.
> 
> 
> Yes, no one would want this crazy acquisition test being performed on his
> server. But people do. Some visitors think this is fun ;-) Well, Deep Throat
> was right. Trust no one.
> 
> Plus, VHM sometimes redirects visitors to a mapped folder prepending the
> folder's id ( I don't know why, but it does happen from time to time ):
> www.example.com/CMF, for example, where the url should have been just
> "www.example.com". And that's where this madness starts.

I have never seen that. Are you sure your rewrite rules are right? Maybe 
a trailing slash too much or missing?


> 
> Another situation with VHM: you log in as manager; manage your CMF sites;
> while you're at it, try to add/edit some content; you put yourself into this
> acquisition blackhole again.

But this only happens due to the bug you found, doesn't it? How else 
could this give a problem?

>>>I think removing **all** instances of the container's id when 
>>>cataloging article objects should work. Currently, only the first 
>>>instance is being removed. I just didn't think acquisition would wreak 
>>>this much havoc when misused :-(
> 
> 
>>You should see what happens if you have made the above mentioned mistake 
>>and a spider/crawler hits your site. Google's 16.000 machines vs. your 
>>server, guess who loses ;) - ok, it's not that bad, but shit can hit 
>>the fan.
> 
> 
> What I'm worried about is not myself making mistakes with the urls in the code.
> What about visitors? Luckily, I run Squid before ZEO clients and can rewrite
> funny urls removing redundant path elements. 
> 
> Without this redirect_program script, I can't prevent users from having fun
> with this acquisition thing... or can I? 

Well, I got this idea in another thread, somewhere in your product you 
could compare URL0 (or URL1, or whatever, don't remember ATM) with 
self.absolute_url() and just return a redirect to self.absolute_url() 
if they don't match.

cheers,
oliver
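
The check suggested in the last reply, as an added example that is not part of the original message or of any Zope/CMF code: a stand-alone Python function that compares the requested URL with the object's canonical URL and returns a redirect target on mismatch. The function name, the `view` and `query` parameters and the sample URLs are assumptions; in a product, `requested_url` would come from the request (URL0/URL1) and `canonical_url` from `self.absolute_url()`.

```python
from urllib.parse import urlsplit


def _key(url):
    """Comparison key: scheme and host lower-cased, trailing slash ignored."""
    p = urlsplit(url)
    return (p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/"))


def canonical_redirect(requested_url, canonical_url, view="", query=""):
    """Return the URL to redirect to, or None if the request is canonical.

    requested_url -- URL the client asked for, without the query string
    canonical_url -- server-side URL of the published object
    view          -- method name published on the object, if any (assumed)
    query         -- raw query string to carry over to the redirect
    """
    scheme, host, path = _key(requested_url)
    # A method published on the object (.../a_1/view) is not redundant
    # acquisition: strip it before comparing, re-append it afterwards.
    if view and path.endswith("/" + view):
        path = path[: -len(view) - 1]
    if (scheme, host, path) == _key(canonical_url):
        return None
    # The target is built only from the server-side canonical URL, so extra
    # path elements supplied by the client never survive into the redirect.
    target = canonical_url.rstrip("/")
    if view:
        target += "/" + view
    if query:
        target += "?" + query
    return target


if __name__ == "__main__":
    # Constructed sample requests, modelled on the paths quoted in the thread.
    canonical = "http://www.example.com/Board/a_1"
    for req in (
        "http://www.example.com/Board/a_1",
        "http://www.example.com/Board/Board/Board/a_1",
        "http://www.example.com/Board/Board/a_1/view",
    ):
        view = "view" if req.endswith("/view") else ""
        print(req, "->", canonical_redirect(req, canonical, view=view))
```

Because every non-canonical path collapses to one URL, a crawler following acquisition-wrapped links gets a redirect instead of an endless set of distinct pages.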