[4suite-dev] checkin - URIs URIs URIs

Mike Brown mike at skew.org
Sun Dec 15 18:48:25 MST 2002 

The following URI related changes are checked in.
Things seem to work, but who knows; I probably broke everything.
Give things a shot and see how they do.

The two big consequences are:

1. From within the repo, the local filesystem is now inaccessible
via a URI. 'file' URIs are now repo references only (when such URIs
are encountered in a document in the repo).

2. We already were moving in this direction, but now it is especially
important: when your document has URI references in it, you have to
ensure that the document's URI is established, so that these references
can be resolved using that URI as the base, when necessary.

Regarding #1, obviously this is going to break things for Evan and Uche (as
per Uche's post the other day), but from a security standpoint I think it's
better to start from the POV that the system is closed and then think about
where and how to open it up, then to leave the gaping hole and be coming up
with ad-hoc plugs.

I'm leaning toward a completely unambiguous URI scheme, one that
always means local filesystem, not repo. But I can also see the advantage
of being able to flip a switch to change the meaning of the 'file' scheme.

What are the use cases where real filesystem access is needed?
Apparently EXSLT's <exsl:document/> is one that people are depending on...


(checkin info below)


Mike

-- 
  Mike J. Brown   |  http://skew.org/~mike/resume/
  Denver, CO, USA |  http://skew.org/xml/



Ft/Lib/Uri.py
=============
New UriDict class (a UserDict) treats URIs that start with
'file://localhost/' and those that start with 'file:///' as
identical keys.

Added new _getScheme() helper to efficiently extract the scheme
of the given absolute URI.

OsPathToUri() returns 'file:///path/to/file' now rather than
'file:/path/to/file', and several bugs/inconsistencies in the
Windows version of urllib.pathname2url() have been worked around.

BaseUriResolver.normalize() now uses absolutize() instead of
urlparse.urljoin(). It always returns an absolute (scheme-having) URI
now, never just a path, but it still accepts a schemeless 'file' URI
as input.


Ft/Server/Server/Drivers/FtssInputSource.py
===========================================
_openStream() now assumes that a 'file' URI with no host or with
'localhost' host is a reference to a resource in the repo, not the
local filesystem, and rejects 'file' URIs with unknown hosts.

_openStream() now properly converts a URI with a hierarchical
path to a repo path, if the URI is determined to be a reference
to a resource in the repo. Previously, it only handled relative
(schemeless) URIs.


Ft/Xml/Xslt/XsltContext.py
==========================
Use UriDict instead of regular dictionary for document cache, so that
'file://localhost/' is treated same as 'file:///'


test/Lib/test_uri.py
====================
Run cwd thru OsPathToUri() before using it as a base URI.
Use os.linesep instead of hard-coded linefeed.

test/Xml/Xslt/Core/basic_test.py
test/Xml/Xslt/Core/test_apply_imports.py
test/Xml/Xslt/Core/test_exslt.py
test/Xml/Xslt/Core/test_copy_of.py
========================================
Ensure that stylesheet document URIs are set and usable as base URIs.

More information about the 4suite-dev mailing list