From: Shimon R. <sh...@ru...> - 2006-07-23 13:38:20

Hi everyone,

I have a pagekit app that I'd like to make easily installable on customers' computers. Unfortunately this does not seem simple as it usually takes me about an hour of installing things just to get my own app deployed on a new computer.

Ideally, deployment would be as simple as a download-and-run CGI script. This means:

1. app must run either as a CGI or provide its own persistent environment that can be accessed from a CGI frontend
2. all dependencies must be packaged with the app
3. should run anywhere Perl runs, i.e. does not ship with binaries but may compile them at install-time

I've noticed that Boris offers a free evaluation installation of PageKit on Linux systems at http://pagekit.org. It sounds like this might meet criteria #1 and #2; my guess is that it runs on a bundled apache/mod_perl server binary. If that could be (1) made available and (2) made to run on other Unix OSes, that might be helpful.

Other approaches I'm considering:

1. Run the app as a CGI: probably workable, but may be very slow. I recall seeing something about doing this on the mailing list or somewhere, but can't dig it up now. Pointers would be appreciated.
2. Bundle a lightweight pure-Perl webserver: this may be difficult, as you'd have to reproduce certain parts of the apache API, but might be a simple way to avoid CGI overhead. If this could be made to work it would almost certainly be the best solution.
3. Ship a complete virtual machine: deliver a complete system image, to be run under VMWare player or a similar virtualization system. This would probably be a Linux system with apache, mod_perl, and all required modules, connected to either a bundled PostgreSQL database or to an external database determined by the user.

Has anyone here ever built this sort of easy-deploy system? I think it would be of great value to the PageKit community and would love to get a reusable version released as free software along with PageKit. Your advice and ideas will be most appreciated.

thanks,
shimon.

From: Collin S. <col...@co...> - 2006-07-22 00:37:10

I finally got my site running again with the latest Apache2 and mod_perl2, but it's not pretty.

The issue concerns a symlink I have from

    /app/apache2/site/www.collinstarkweather.com/pagekit ->
        /home/olsonco/site/www.collinstarkweather.com/pagekit

I've used PageKit with the site for many years, and suddenly I am getting errors of the form

    Symbolic link not allowed: /app/apache2/site/www.collinstarkweather.com/pagekit

I moved the directory in question from /home/olsonco to /app/apache2, which eliminates the symlink, but my /home partition is large and my /app partition is small. Not a good long-term solution.

As I've had the site running with the symlink for many moons, I am at a bit of a loss. Has something changed with Apache or mod_perl recently?

My Apache configuration is given below my sig. If this rings a bell for anyone, any insights would be appreciated.

Thanks,

-Collin

--
Collin Starkweather
http://www.collinstarkweather.com

In /etc/apache2/httpd.conf:

    PerlSetVar PKIT_ROOT /app/apache2/site/www.collinstarkweather.com/pagekit
    PerlSetVar PKIT_SERVER staging

In /etc/apache2/vhosts.d/01_www_collinstarkweather_com.conf:

    <VirtualHost *:80>
      ServerAdmin bog...@co...
      DocumentRoot /app/apache2/site/www.collinstarkweather.com/pagekit/View/Default
      CustomLog /app/apache2/site/www.collinstarkweather.com/logs/access_log combined
      CustomLog /app/apache2/site/www.collinstarkweather.com/logs/referer_log referer
      CustomLog /app/apache2/site/www.collinstarkweather.com/logs/agent_log agent
      ErrorLog /app/apache2/site/www.collinstarkweather.com/logs/error_log
      ServerName www.collinstarkweather.com
      SetHandler perl-script
      PerlHandler +Apache2::PageKit
      <Perl>
        use Apache2::PageKit;
        Apache2::PageKit->startup;
      </Perl>
      PerlRequire /app/apache2/site/www.collinstarkweather.com/scripts/startup.pl
      PerlModule Apache2::ErrorReport
      PerlSetVar ErrorReportHandler display
    </VirtualHost>

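Apache logs "Symbolic link not allowed" when the Options in effect for a directory permit neither FollowSymLinks nor an owner-matching SymLinksIfOwnerMatch; the thread does not establish which applied here. The following Perl script is an added example, not code from the post or from PageKit: it walks a path and reports every symlinked component with the owner comparison that SymLinksIfOwnerMatch depends on. The directory layout is constructed in a temporary directory to mirror the one described.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Return one record per path component of $path that is a symbolic link.
sub symlink_report {
    my ($path) = @_;
    my (undef, $dirs, $file) = File::Spec->splitpath($path);
    my @parts = grep { length } File::Spec->splitdir($dirs), $file;
    my $cur   = File::Spec->rootdir;
    my @found;
    for my $part (@parts) {
        $cur = File::Spec->catdir($cur, $part);
        next unless -l $cur;
        my @link   = lstat $cur;    # the link itself
        my @target = stat $cur;     # what it resolves to; empty if dangling
        push @found, {
            component   => $cur,
            points_to   => readlink($cur),
            dangling    => @target ? 0 : 1,
            # index 4 of stat/lstat is the owning uid
            owner_match => (@target && $link[4] == $target[4]) ? 1 : 0,
        };
    }
    return @found;
}

# Constructed layout: a small "app" tree whose pagekit directory is a
# symlink into a larger "home" tree, as in the post.
my $base = tempdir(CLEANUP => 1);
mkdir "$base/$_" or die "mkdir $_: $!" for qw(app home);
mkdir "$base/home/pagekit"      or die "mkdir: $!";
mkdir "$base/home/pagekit/View" or die "mkdir: $!";
symlink "$base/home/pagekit", "$base/app/pagekit" or die "symlink: $!";

# The temporary directory itself may sit behind system symlinks; those are
# reported too, which is what a real audit of a DocumentRoot would want.
for my $hit (symlink_report("$base/app/pagekit/View")) {
    printf "%s -> %s\n", @{$hit}{qw(component points_to)};
    print $hit->{dangling}
        ? "  dangling link: nothing to serve\n"
        : $hit->{owner_match}
        ? "  same owner: passes FollowSymLinks and SymLinksIfOwnerMatch\n"
        : "  owner mismatch: passes FollowSymLinks only\n";
}
```

Running `symlink_report` against the real DocumentRoot shows which component needs an explicit `Options` decision; SymLinksIfOwnerMatch is the narrower grant when the link and its target belong to the same account.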
From: Collin S. <col...@co...> - 2006-07-21 20:35:08

Boris Zentner wrote:
> Hi Collin,
>
> On 16.07.2006 at 22:02, Collin Starkweather wrote:
>
>> I get a "too many connections" error from MySQL with version 2.14.14
>> after my site has been up for any amount of time. I notice that there are
>> hundreds of stale database handles lying about, but the only use of MySQL
>> is for Apache::PageKit session tracking. That is, there is no other
>> functionality associated with the web pages that access MySQL.
>>
>> E.g., after just a few page loads following a restart of both Apache
>> and MySQL, I see
>>
>>     root@www$ ps auxww | grep mysql | wc
>>         114    2153   30556
>>     root@www$
>>
>> Is this a known issue with 2.14.14?
>
> No, your Apache::DBI is not loaded/installed. I guess it is not
> installed in your new httpd's httpd.conf.

After some sleuthing, I figured out that this was caused by the fact that I had not updated my equivalent of MyPageKit::Common. I needed to replace

    return DBI->connect(...)

with

    return DBI->connect_cached(...)

Cheers,

-Collin

--
Collin Starkweather
http://www.collinstarkweather.com

From: Collin S. <col...@co...> - 2006-07-19 22:07:47

I got everything up and running, for a while at least. Then for some reason, just today the server started giving me error messages of the form

    [Wed Jul 19 21:49:52 2006] Global $r object is not available. Set:\n\tPerlOptions +GlobalRequest\nin httpd.conf at \
    /usr/lib/perl5/site_perl/5.8.8/Apache2/ErrorReport.pm line 30.\n

I did not make any changes or updates to Apache, mod_perl, or my PageKit configuration, so I am at a loss.

Furthermore, according to

    http://perl.apache.org/docs/2.0/user/config/config.html#C_GlobalRequest_

the GlobalRequest option is supposed to be set by default by "SetHandler perl-script" so I shouldn't have to use the "PerlOptions +GlobalRequest" directive.

I tried to use it anyway, and suddenly I was getting "Symbolic link not allowed" error messages. (I have a symlink from /app/apache2/site/www.foo.com to /home/someuser/site/www.foo.com that it is apparently barfing on.) I have never had a problem with the symlinks in the past, and haven't updated Apache or mod_perl since it was working last, so I'm a bit mystified.

Has anyone encountered anything like this? Any thoughts would be appreciated.

Thanks,

-Collin

--
Collin Starkweather, Ph.D.
http://www.collinstarkweather.com

From: Boris Z. <bz...@2b...> - 2006-07-16 21:31:04

Hi Collin,

On 16.07.2006 at 22:02, Collin Starkweather wrote:

> I get a "too many connections" error from MySQL with version 2.14.14
> after my site has been up for any amount of time. I notice that there are
> hundreds of stale database handles lying about, but the only use of MySQL
> is for Apache::PageKit session tracking. That is, there is no other
> functionality associated with the web pages that access MySQL.
>
> E.g., after just a few page loads following a restart of both Apache and
> MySQL, I see
>
>     root@www$ ps auxww | grep mysql | wc
>         114    2153   30556
>     root@www$
>
> Is this a known issue with 2.14.14?

No, your Apache::DBI is not loaded/installed. I guess it is not installed in your new httpd's httpd.conf.

> Thanks much,
>
> -Collin
>
> --
> Collin Starkweather, Ph.D.
> http://www.collinstarkweather.com
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Pagekit-users mailing list
> Pag...@li...
> https://lists.sourceforge.net/lists/listinfo/pagekit-users

--
Boris

From: Boris Z. <bz...@2b...> - 2006-07-16 21:28:58

Hi Collin,

On 16.07.2006 at 21:28, Collin Starkweather wrote:

> Thanks for your quick response, Boris. I figured out what the problem was.
> I did not have a
>
>     LoadModule apreq_module modules/mod_apreq2.so
>
> in httpd.conf. I use Gentoo, which is normally very good about catching
> details like this, but I guess they dropped the ball on the libapreq2 build.
>
> The errors were appearing in the main Apache error log
> (/var/log/apache2/error_log) rather than the virtual host error log, so I
> did not see them at first. I also noticed that with recent versions of
> Apache, STDERR is redirected to the main log rather than that of the
> virtual host.
>
> For the record, the error message was
>
>     /usr/sbin/apache2: symbol lookup error:
>     /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/APR/Request/Apache2/Apache2.so:
>     undefined symbol: apreq_handle_apache2
>
> Cheers,
>
> -Collin
>
> P.S. I could not get Apache to recognize APREQ2_ReadLimit 100000000 as a
> valid directive (and Google didn't turn up anything).

c) change this line in ./Apache/PageKit.pm:

    my $post_max = $self->{config}->get_global_attr('post_max') || 100_000_000;

to

    my $post_max = $self->{config}->get_global_attr('post_max') || 64_000_000;

I will change that in the next version of A::P anyway.

> --
> Collin Starkweather, Ph.D.
> http://www.collinstarkweather.com
>
> Quoting Boris Zentner <bz...@2b...>:
>
>> Hi Collin,
>>
>> I guess the problem is, that the uploadlimit from libapreq2 has
>> changed to a new lower limit. The solution is
>>
>> a)
>> set your post_max in pagekits global config file to a value >=
>> 64_000_000 (64MB)
>>
>> b)
>> to raise the limit in your httpd.conf file. with
>>
>>     APREQ2_ReadLimit 100000000
>>
>> On 15.07.2006 at 05:21, Collin Starkweather wrote:
>>
>>> I recently upgraded to Apache2::Pagekit 2.14.14 (w/mod_perl 2.0.1 and
>>> apache2 2.0.58) and have been having significant problems with the
>>> install.
>>>
>>> I narrowed the error down to Apache2::Request::PageKit:
>>>
>>> --
>>> package Apache2::Request::PageKit;
>>> ...
>>> # object oriented method call, see Eagle p.65
>>> sub handler : method {
>>>   ...
>>>   eval {
>>>     $pk = $class->new( $requestrec );
>>>     ^^^^^ THE ERROR OCCURS AS THE OBJECT IS INSTANTIATED ^^^^
>>>     ...
>>>   };
>>>   ^^^^^ ?!? THE METHOD CALL DOES NOT SEEM TO GET TO ?!? ^^^^
>>>   ^^^^^ ?!? THIS POINT DESPITE THE EVAL -- I'VE TESTED ?!? ^^^^
>>>   ^^^^^ ?!? IT WITH die "Error: $@" if $@ ?!? ^^^^
>>> --
>>>
>>> but I can't figure out how to debug from here given that a
>>>
>>>   die "Error: $@" if $@;
>>>
>>> after the eval does not produce any output in error_log (and presumably
>>> the method is not even getting to this point.)
>>>
>>> My Config.xml GLOBALS and SERVERS tags are straightforward:
>>>
>>> --
>>> <GLOBAL
>>>   default_page = "index"
>>>   fop_command = "/usr/java/jdk1.3.0_02/bin/java -cp /usr/local/javaclass/fop org.apache.fop.apps.CommandLine"
>>>   gzip_output = "static"
>>>   login_page="login1"
>>>   model_base_class="PageKit::Common"
>>>   model_dispatch_prefix="PageKit::CollinStarkweather::App"
>>>   recent_login_timeout="10"
>>>   session_expires="+1y"
>>> />
>>> <SERVERS>
>>>   <SERVER id="production"
>>>     reload="no"/>
>>>   <SERVER id="staging"
>>>     can_edit="yes"
>>>     reload="yes"/>
>>> </SERVERS>
>>> --
>>>
>>> as is my httpd.conf configuration
>>>
>>> --
>>> # For some reason PageKit doesn't see these if they are put in
>>> # the VirtualHost directive
>>> PerlSetVar PKIT_ROOT /app/apache2/site/www.collinstarkweather.com/pagekit
>>> PerlSetVar PKIT_SERVER staging
>>>
>>> <VirtualHost *:80>
>>>   ...
>>>   SetHandler perl-script
>>>   PerlHandler +Apache2::PageKit
>>>   <Perl>
>>>     use Apache2::PageKit;
>>>     Apache2::PageKit->startup;
>>>   </Perl>
>>>   PerlRequire /app/apache2/site/www.collinstarkweather.com/scripts/startup.pl
>>>   PerlModule Apache2::ErrorReport
>>>   PerlSetVar ErrorReportHandler display
>>> </VirtualHost>
>>> --
>>>
>>> I'm certainly willing to try to debug things myself, but am stuck.
>>>
>>> Thanks,
>>>
>>> -Collin
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Pagekit-users mailing list
> Pag...@li...
> https://lists.sourceforge.net/lists/listinfo/pagekit-users

--
Boris

From: Collin S. <col...@co...> - 2006-07-16 20:03:05

I get a "too many connections" error from MySQL with version 2.14.14 after my site has been up for any amount of time. I notice that there are hundreds of stale database handles lying about, but the only use of MySQL is for Apache::PageKit session tracking. That is, there is no other functionality associated with the web pages that access MySQL.

E.g., after just a few page loads following a restart of both Apache and MySQL, I see

    root@www$ ps auxww | grep mysql | wc
        114    2153   30556
    root@www$

Is this a known issue with 2.14.14?

Thanks much,

-Collin

--
Collin Starkweather, Ph.D.
http://www.collinstarkweather.com

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

From: Collin S. <col...@co...> - 2006-07-16 19:29:01

Thanks for your quick response, Boris. I figured out what the problem was. I did not have a

    LoadModule apreq_module modules/mod_apreq2.so

in httpd.conf. I use Gentoo, which is normally very good about catching details like this, but I guess they dropped the ball on the libapreq2 build.

The errors were appearing in the main Apache error log (/var/log/apache2/error_log) rather than the virtual host error log, so I did not see them at first. I also noticed that with recent versions of Apache, STDERR is redirected to the main log rather than that of the virtual host.

For the record, the error message was

    /usr/sbin/apache2: symbol lookup error:
    /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/APR/Request/Apache2/Apache2.so:
    undefined symbol: apreq_handle_apache2

Cheers,

-Collin

P.S. I could not get Apache to recognize APREQ2_ReadLimit 100000000 as a valid directive (and Google didn't turn up anything).

--
Collin Starkweather, Ph.D.
http://www.collinstarkweather.com

Quoting Boris Zentner <bz...@2b...>:

> Hi Collin,
>
> I guess the problem is, that the uploadlimit from libapreq2 has
> changed to a new lower limit. The solution is
>
> a)
> set your post_max in pagekits global config file to a value >=
> 64_000_000 (64MB)
>
> b)
> to raise the limit in your httpd.conf file. with
>
>     APREQ2_ReadLimit 100000000
>
> On 15.07.2006 at 05:21, Collin Starkweather wrote:
>
> > I recently upgraded to Apache2::Pagekit 2.14.14 (w/mod_perl 2.0.1 and
> > apache2 2.0.58) and have been having significant problems with the
> > install.
> >
> > I narrowed the error down to Apache2::Request::PageKit:
> >
> > --
> > package Apache2::Request::PageKit;
> > ...
> > # object oriented method call, see Eagle p.65
> > sub handler : method {
> >   ...
> >   eval {
> >     $pk = $class->new( $requestrec );
> >     ^^^^^ THE ERROR OCCURS AS THE OBJECT IS INSTANTIATED ^^^^
> >     ...
> >   };
> >   ^^^^^ ?!? THE METHOD CALL DOES NOT SEEM TO GET TO ?!? ^^^^
> >   ^^^^^ ?!? THIS POINT DESPITE THE EVAL -- I'VE TESTED ?!? ^^^^
> >   ^^^^^ ?!? IT WITH die "Error: $@" if $@ ?!? ^^^^
> > --
> >
> > but I can't figure out how to debug from here given that a
> >
> >   die "Error: $@" if $@;
> >
> > after the eval does not produce any output in error_log (and presumably
> > the method is not even getting to this point.)
> >
> > My Config.xml GLOBALS and SERVERS tags are straightforward:
> >
> > --
> > <GLOBAL
> >   default_page = "index"
> >   fop_command = "/usr/java/jdk1.3.0_02/bin/java -cp /usr/local/javaclass/fop org.apache.fop.apps.CommandLine"
> >   gzip_output = "static"
> >   login_page="login1"
> >   model_base_class="PageKit::Common"
> >   model_dispatch_prefix="PageKit::CollinStarkweather::App"
> >   recent_login_timeout="10"
> >   session_expires="+1y"
> > />
> > <SERVERS>
> >   <SERVER id="production"
> >     reload="no"/>
> >   <SERVER id="staging"
> >     can_edit="yes"
> >     reload="yes"/>
> > </SERVERS>
> > --
> >
> > as is my httpd.conf configuration
> >
> > --
> > # For some reason PageKit doesn't see these if they are put in
> > # the VirtualHost directive
> > PerlSetVar PKIT_ROOT /app/apache2/site/www.collinstarkweather.com/pagekit
> > PerlSetVar PKIT_SERVER staging
> >
> > <VirtualHost *:80>
> >   ...
> >   SetHandler perl-script
> >   PerlHandler +Apache2::PageKit
> >   <Perl>
> >     use Apache2::PageKit;
> >     Apache2::PageKit->startup;
> >   </Perl>
> >   PerlRequire /app/apache2/site/www.collinstarkweather.com/scripts/startup.pl
> >   PerlModule Apache2::ErrorReport
> >   PerlSetVar ErrorReportHandler display
> > </VirtualHost>
> > --
> >
> > I'm certainly willing to try to debug things myself, but am stuck.
> >
> > Thanks,
> >
> > -Collin

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

From: Boris Z. <bz...@2b...> - 2006-07-15 13:05:45

Hi Collin,

I guess the problem is, that the uploadlimit from libapreq2 has changed to a new lower limit. The solution is

a) set your post_max in pagekit's global config file to a value >= 64_000_000 (64MB)

b) to raise the limit in your httpd.conf file, with

    APREQ2_ReadLimit 100000000

On 15.07.2006 at 05:21, Collin Starkweather wrote:

> I recently upgraded to Apache2::Pagekit 2.14.14 (w/mod_perl 2.0.1 and
> apache2 2.0.58) and have been having significant problems with the install.
>
> I narrowed the error down to Apache2::Request::PageKit:
>
> --
> package Apache2::Request::PageKit;
> ...
> # object oriented method call, see Eagle p.65
> sub handler : method {
>   ...
>   eval {
>     $pk = $class->new( $requestrec );
>     ^^^^^ THE ERROR OCCURS AS THE OBJECT IS INSTANTIATED ^^^^
>     ...
>   };
>   ^^^^^ ?!? THE METHOD CALL DOES NOT SEEM TO GET TO ?!? ^^^^
>   ^^^^^ ?!? THIS POINT DESPITE THE EVAL -- I'VE TESTED ?!? ^^^^
>   ^^^^^ ?!? IT WITH die "Error: $@" if $@ ?!? ^^^^
> --
>
> but I can't figure out how to debug from here given that a
>
>   die "Error: $@" if $@;
>
> after the eval does not produce any output in error_log (and presumably
> the method is not even getting to this point.)
>
> My Config.xml GLOBALS and SERVERS tags are straightforward:
>
> --
> <GLOBAL
>   default_page = "index"
>   fop_command = "/usr/java/jdk1.3.0_02/bin/java -cp /usr/local/javaclass/fop org.apache.fop.apps.CommandLine"
>   gzip_output = "static"
>   login_page="login1"
>   model_base_class="PageKit::Common"
>   model_dispatch_prefix="PageKit::CollinStarkweather::App"
>   recent_login_timeout="10"
>   session_expires="+1y"
> />
> <SERVERS>
>   <SERVER id="production"
>     reload="no"/>
>   <SERVER id="staging"
>     can_edit="yes"
>     reload="yes"/>
> </SERVERS>
> --
>
> as is my httpd.conf configuration
>
> --
> # For some reason PageKit doesn't see these if they are put in
> # the VirtualHost directive
> PerlSetVar PKIT_ROOT /app/apache2/site/www.collinstarkweather.com/pagekit
> PerlSetVar PKIT_SERVER staging
>
> <VirtualHost *:80>
>   ...
>   SetHandler perl-script
>   PerlHandler +Apache2::PageKit
>   <Perl>
>     use Apache2::PageKit;
>     Apache2::PageKit->startup;
>   </Perl>
>   PerlRequire /app/apache2/site/www.collinstarkweather.com/scripts/startup.pl
>   PerlModule Apache2::ErrorReport
>   PerlSetVar ErrorReportHandler display
> </VirtualHost>
> --
>
> I'm certainly willing to try to debug things myself, but am stuck.
>
> Thanks,
>
> -Collin
>
> --
> Collin Starkweather, Ph.D.
> http://www.collinstarkweather.com
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Pagekit-users mailing list
> Pag...@li...
> https://lists.sourceforge.net/lists/listinfo/pagekit-users

--
Boris

From: Collin S. <col...@co...> - 2006-07-15 03:21:39

I recently upgraded to Apache2::Pagekit 2.14.14 (w/mod_perl 2.0.1 and apache2 2.0.58) and have been having significant problems with the install.

I narrowed the error down to Apache2::Request::PageKit:

--
    package Apache2::Request::PageKit;
    ...
    # object oriented method call, see Eagle p.65
    sub handler : method {
      ...
      eval {
        $pk = $class->new( $requestrec );
        ^^^^^ THE ERROR OCCURS AS THE OBJECT IS INSTANTIATED ^^^^
        ...
      };
      ^^^^^ ?!? THE METHOD CALL DOES NOT SEEM TO GET TO ?!? ^^^^
      ^^^^^ ?!? THIS POINT DESPITE THE EVAL -- I'VE TESTED ?!? ^^^^
      ^^^^^ ?!? IT WITH die "Error: $@" if $@ ?!? ^^^^
--

but I can't figure out how to debug from here given that a

    die "Error: $@" if $@;

after the eval does not produce any output in error_log (and presumably the method is not even getting to this point.)

My Config.xml GLOBALS and SERVERS tags are straightforward:

--
    <GLOBAL
      default_page = "index"
      fop_command = "/usr/java/jdk1.3.0_02/bin/java -cp /usr/local/javaclass/fop org.apache.fop.apps.CommandLine"
      gzip_output = "static"
      login_page="login1"
      model_base_class="PageKit::Common"
      model_dispatch_prefix="PageKit::CollinStarkweather::App"
      recent_login_timeout="10"
      session_expires="+1y"
    />
    <SERVERS>
      <SERVER id="production"
        reload="no"/>
      <SERVER id="staging"
        can_edit="yes"
        reload="yes"/>
    </SERVERS>
--

as is my httpd.conf configuration

--
    # For some reason PageKit doesn't see these if they are put in
    # the VirtualHost directive
    PerlSetVar PKIT_ROOT /app/apache2/site/www.collinstarkweather.com/pagekit
    PerlSetVar PKIT_SERVER staging

    <VirtualHost *:80>
      ...
      SetHandler perl-script
      PerlHandler +Apache2::PageKit
      <Perl>
        use Apache2::PageKit;
        Apache2::PageKit->startup;
      </Perl>
      PerlRequire /app/apache2/site/www.collinstarkweather.com/scripts/startup.pl
      PerlModule Apache2::ErrorReport
      PerlSetVar ErrorReportHandler display
    </VirtualHost>
--

I'm certainly willing to try to debug things myself, but am stuck.

Thanks,

-Collin

--
Collin Starkweather, Ph.D.
http://www.collinstarkweather.com

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

From: Boris Z. <bz...@2b...> - 2006-06-21 21:48:21

Hi Russell,

On 21.06.2006 at 20:48, Russell D. Weiss wrote:

> Thanks, Boris.
>
> It's a fairly large application, so modifying the entire app to use the
> "trick" to detect the encoding that the browser is using would work, but
> might be a bit of a pain to build-in to the entire app.

Not really, just build your own class, that acts like Apache2::Request and point A::P in your global config to that class (see: request_class). In that case you have only one place to edit for your whole app.

> Actually, using Encode::encode and encoding to UTF8 before outputting via
> $model->fillinform() seemed to work and "fix" the output. I'm not sure that

Just overload fillinform. This might fix the problem, but the source of the error still remains. But if all your data is in the right format, this is unneeded.

> this is the "proper" way of doing things though. Rather than modifying the
> entire app and each "fillinform()" call, I was considering modifying the

No, just replace fillinform in your model code and call $m->SUPER::fillinform later.

> PageKit code that calls HTML::FillInForm and wrap the Encode::encode call
> into there. I'm not sure if this is a great way to go, or if it is safe in
> general. Actually, I don't pretend to be all that good when it comes to
> character sets and encoding in general.

Character encoding is a big pain. Your goal must be, that all input is in one charset. My choice is always utf8. This means that my database provides utf8 data, my templates are in utf8 and my data too. Whenever my data came from an unsure datasource like a database I check once if the utf8 flag is set for utf8 data. If so I'm happy. Otherwise I check if the binary data is utf8. If so I just set the utf8 flag and I'm done. Otherwise I convert the data with the Encode::decode function. All this has to be done only once.

Form data is a bit more difficult and needs more checks. That's where the A::P::R class takes place. Look for an example at the first lines of the Apache2/PageKit.pm file.

> What are your thoughts on this?

Your big helpers here are

    Encode::decode, Encode::encode,
    Encode::is_utf8, Encode::_utf8_on, Encode::_utf8_off
    Devel::Peek::Dump

and the DBI qw(:utils) functions

    DBI::data_string_desc
    DBI::data_diff

If you put some hours in your request_class most if not all your problems go away.

>
> Thanks,
> Russell
>
> ----- Original Message -----
> From: "Boris Zentner" <bz...@2b...>
> To: "Russell D. Weiss" <rw...@in...>
> Cc: <pag...@li...>
> Sent: Thursday, June 15, 2006 5:32 PM
> Subject: Re: [Pagekit-users] Character set or parsing issue?
>
>
> Hi,
>
> On 14.06.2006 at 22:10, Russell D. Weiss wrote:
>
>> Hello all,
>>
>> Long time no post :-).
>>
>> We've encountered the following problem in our PageKit application. When
>> pulling data from a database and using $model->fillinform to populate
>> form fields, we're seeing problems when the data contains certain
>> international characters, such as "á" -- as well as potentially some
>> others.
>>
>> Basically, if the word "Testá" is pulled from the database, the HTML form
>> field will look like:
>>
>>     <input type="text" value="Test? name="blah">
>>
>> Obviously, this causes problems, as the value is not terminated properly
>> with a quote, and the true value is not shown in the form field. I tested
>> HTML::FillInForm separately and this problem does not appear. The problem
>> may be due to some parsing that pagekit does after it runs the page
>> through HTML::FillInForm.
>>
>> Boris and others, do you have any idea as to what might cause this?
>>
>
> I remember that problem. The reason is, that you lost the encoding of
> your string somewhere. mysql for example does it always wrong.
> Pagekit tries to ship around the problem by removing the utf8 flag
> before we pass the data to fillinform, and forces utf8 on the result.
> There might be a bug or some strings in your page are not in the
> proper encoding. The other source of such errors is
> Apache::Request, since anything stored there loses the utf8 flag.
>
> I think your input is somewhere not your default_input_charset. The
> source of the problem is your database, or input params. Pagekit does
> the right thing as far as I know for all sorts of input unless you
> mix the charsets.
>
> I have working solutions for any input but it takes a while to
> explain all of them ;-) One is to convert all my inputs from the
> database to default_input_charset with Encode::decode or I use
> postgres with pg_enable_utf8 ;-) The other one is the right charset
> from __from__ fields since browsers answer in a different charset
> from time to time. The trick is to send a hidden field with known
> chars like 'á' and check that first. If it is the same as 'á' in
> latin1 you know the encoding for all other fields easily enough,
> otherwise compare to another charset. The third point is to use an own
> Apache::Request object to handle the utf8 flag correctly. I can show
> an example if you like. It is really hard to handle the charset issue
> correctly. If there is a mistake you get a '?' for the char in
> question. The form trick is explained somehow with my answers to this
> thread on pm:
>
> http://www.perlmonks.com/index.pl?node_id=401315
>
> I really know it is confusing, what version of pagekit do you use? I
> remember there was a change to handle more wrong cases. Feel free to
> ask more specific and I try to come up with a better description ;-)
>
> The basic problem is this:
>
>     use Encode;
>     use DBI;
>
>     # setup a test database
>     my $dbh = DBI->connect( "dbi:SQLite:dbname=/tmp/dbfile",
>         "", "", { PrintError => 0, RaiseError => 1 } );
>     eval { $dbh->do(q{ CREATE TABLE t_storage ( id INTEGER, str VARCHAR(255) ) }) };
>     eval { $dbh->do(q{ DELETE FROM t_storage }) };
>
>     # and our test strings
>     my $str = 'test' . chr(0xe1); # latin1 string
>     my $utf8_str = decode( 'iso-8859-1', $str ); # same string, but utf8
>
>     compare( "compare \$str, \$utf8_str:\n", $str, $utf8_str );
>
>     # serialize the data into a database removes the utf8 flag only postgres
>     # can handle this correct on request
>     $dbh->do( q{ INSERT INTO t_storage VALUES ( 1, ? ) }, {}, $str );
>     my ($str_from_db) =
>       $dbh->selectrow_array(q{ SELECT str FROM t_storage WHERE id = 1 });
>     $dbh->do( q{ INSERT INTO t_storage VALUES ( 2, ? ) }, {}, $utf8_str );
>     my ($utf8_str_from_db) =
>       $dbh->selectrow_array(q{ SELECT str FROM t_storage WHERE id = 2 });
>
>     # compare again
>     compare( "compare \$str_from_db, \$utf8_str_from_db:\n",
>         $str_from_db, $utf8_str_from_db );
>
>     # compare again
>     compare( "compare \$utf8_str, \$utf8_str_from_db:\n",
>         $utf8_str, $utf8_str_from_db );
>
>     {
>         use bytes;
>         print "compare binary \$utf8_str, \$utf8_str_from_db:\n";
>         print $utf8_str eq $utf8_str_from_db ? "same" : "different", $/, $/;
>     }
>
>     ########
>     ## Subs
>     ########
>     sub compare {
>         print shift;
>         my ( $s1, $s2 ) = @_;
>
>         # compare
>         {
>             use bytes;
>             print length $s1, $/;    # length $str
>             print length $s2, $/;    # length $utf8_str
>         }
>
>         # surprise for most people
>         print $s1 eq $s2 ? "same" : "different", $/, $/;
>     }
>
>> Thanks,
>> Russell
>>
>> _______________________________________________
>> Pagekit-users mailing list
>> Pag...@li...
>> https://lists.sourceforge.net/lists/listinfo/pagekit-users
>
> --
> Boris
>
> _______________________________________________
> Pagekit-users mailing list
> Pag...@li...
> https://lists.sourceforge.net/lists/listinfo/pagekit-users
>
> All the advantages of Linux Managed Hosting--Without the Cost and Risk!
> Fully trained technicians. The highest number of Red Hat certifications in
> the hosting industry. Fanatical Support. Click to learn more
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
> _______________________________________________
> Pagekit-users mailing list
> Pag...@li...
> https://lists.sourceforge.net/lists/listinfo/pagekit-users

--
Boris

From: Russell D. W. <rw...@in...> - 2006-06-21 18:49:12
|
Thanks, Boris.

It's a fairly large application, so modifying the entire app to use the "trick" to detect the encoding that the browser is using would work, but might be a bit of a pain to build in to the entire app.

Actually, using Encode::encode and encoding to UTF8 before outputting via $model->fillinform() seemed to work and "fix" the output. I'm not sure that this is the "proper" way of doing things though. Rather than modifying the entire app and each "fillinform()" call, I was considering modifying the PageKit code that calls HTML::FillInForm and wrap the Encode::encode call into there. I'm not sure if this is a great way to go, or if it is safe in general. Actually, I don't pretend to be all that good when it comes to character sets and encoding in general.

What are your thoughts on this?

Thanks,
Russell

----- Original Message -----
From: "Boris Zentner" <bz...@2b...>
To: "Russell D. Weiss" <rw...@in...>
Cc: <pag...@li...>
Sent: Thursday, June 15, 2006 5:32 PM
Subject: Re: [Pagekit-users] Character set or parsing issue?

Hi,

On 14.06.2006 at 22:10, Russell D. Weiss wrote:

> Hello all,
>
> Long time no post :-).
>
> We've encountered the following problem in our PageKit application. When
> pulling data from a database and using $model->fillinform to populate form
> fields, we're seeing problems when the data contains certain international
> characters, such as "á" -- as well as potentially some others.
>
> Basically, if the word "Testá" is pulled from the database, the HTML form
> field will look like:
>
> <input type="text" value="Test? name="blah">
>
> Obviously, this causes problems, as the value is not terminated properly
> with a quote, and the true value is not shown in the form field. I tested
> HTML::FillInForm separately and this problem does not appear. The problem
> may be due to some parsing that pagekit does after it runs the page
> through HTML::FillInForm.
>
> Boris and others, do you have any idea as to what might cause this?
>

I remember that problem. The reason is, that you lost the encoding of your string somewhere. mysql for example does it always wrong. Pagekit try to ship around the problem by removing the utf8 flag before we pass the data to fillinform. and force utf8 on the result. There might be a bug or some strings in your page are not in the proper encoding. The other source of such errors are Apache::Request. Since anything stored there lost the utf8 flag.

I think your input is somewhere not your default_input_charset. The source of the problem is your database, or inputparams. Pagekit does the right thing as far as I know for all sorts of input unless you mix the charsets.

I have working solutions for any input but it takes a while to explain all of them ;-) One is to convert all my inputs from the database to default_input_charset with Encode::decode or I use postgres with pg_enable_utf8 ;-) the other one is the right charset from __from__ fields since browsers answer in a different charset from time to time. The trick is to send a hidden field with known chars like 'á' and check that first. if it is the same as 'á' in latin1 you know the encoding for all other fields easy enough other wise compare to another charset. The third point is to use a own Apache::Request object to handle the utf8 flag correctly. I can show a example if you like. It is really hard to handle the charset issue correct. If there is a mistake you get a '?' for the char in question. The form trick is explained somehow with my answers to this thread on pm:

http://www.perlmonks.com/index.pl?node_id=401315

I really know it is confusing, what version of pagekit do you use? I remember there was a change to handle more wrong cases. Feel free to ask more specific and I try to come up with a better description ;-)

The basic problem is this:

use Encode;
use DBI;

# setup a test database
my $dbh = DBI->connect( "dbi:SQLite:dbname=/tmp/dbfile",
    "", "", { PrintError => 0, RaiseError => 1 } );
eval { $dbh->do(q{ CREATE TABLE t_storage ( id INTEGER, str VARCHAR (255) ) }) };
eval { $dbh->do(q{ DELETE FROM t_storage }) };

# and our test strings
my $str = 'test' . chr(0xe1);    # latin1 string
my $utf8_str = decode( 'iso-8859-1', $str );    # same string, but utf8

compare( "compare \$str, \$utf8_str:\n", $str, $utf8_str );

# serialize the data into a database removes the utf8 flag only postgres
# can handle this correct on request
$dbh->do( q{ INSERT INTO t_storage VALUES ( 1, ? ) }, {}, $str );
my ($str_from_db) =
  $dbh->selectrow_array(q{ SELECT str FROM t_storage WHERE id = 1 });
$dbh->do( q{ INSERT INTO t_storage VALUES ( 2, ? ) }, {}, $utf8_str );
my ($utf8_str_from_db) =
  $dbh->selectrow_array(q{ SELECT str FROM t_storage WHERE id = 2 });

# compare again
compare( "compare \$str_from_db, \$utf8_str_from_db:\n",
    $str_from_db, $utf8_str_from_db );

# compare again
compare( "compare \$utf8_str, \$utf8_str_from_db:\n",
    $utf8_str, $utf8_str_from_db );

{
    use bytes;
    print "compare binary \$utf8_str, \$utf8_str_from_db:\n";
    print $utf8_str eq $utf8_str_from_db ? "same" : "different", $/, $/;
}

#

########
## Subs
########
sub compare {
    print shift;
    my ( $s1, $s2 ) = @_;

    # compare
    {
        use bytes;
        print length $s1, $/;    # length $str
        print length $s2, $/;    # length $utf8_str
    }

    # surprise for most people
    print $s1 eq $s2 ? "same" : "different", $/, $/;
}

> Thanks,
> Russell

--
Boris |
From: Boris Z. <bz...@2b...> - 2006-06-15 21:33:00
|
Hi,

On 14.06.2006 at 22:10, Russell D. Weiss wrote:

> Hello all,
>
> Long time no post :-).
>
> We've encountered the following problem in our PageKit application. When
> pulling data from a database and using $model->fillinform to populate form
> fields, we're seeing problems when the data contains certain international
> characters, such as "á" -- as well as potentially some others.
>
> Basically, if the word "Testá" is pulled from the database, the HTML form
> field will look like:
>
> <input type="text" value="Test? name="blah">
>
> Obviously, this causes problems, as the value is not terminated properly
> with a quote, and the true value is not shown in the form field. I tested
> HTML::FillInForm separately and this problem does not appear. The problem
> may be due to some parsing that pagekit does after it runs the page
> through HTML::FillInForm.
>
> Boris and others, do you have any idea as to what might cause this?
>

I remember that problem. The reason is, that you lost the encoding of your string somewhere. mysql for example does it always wrong. Pagekit try to ship around the problem by removing the utf8 flag before we pass the data to fillinform. and force utf8 on the result. There might be a bug or some strings in your page are not in the proper encoding. The other source of such errors are Apache::Request. Since anything stored there lost the utf8 flag.

I think your input is somewhere not your default_input_charset. The source of the problem is your database, or inputparams. Pagekit does the right thing as far as I know for all sorts of input unless you mix the charsets.

I have working solutions for any input but it takes a while to explain all of them ;-) One is to convert all my inputs from the database to default_input_charset with Encode::decode or I use postgres with pg_enable_utf8 ;-) the other one is the right charset from __from__ fields since browsers answer in a different charset from time to time. The trick is to send a hidden field with known chars like 'á' and check that first. if it is the same as 'á' in latin1 you know the encoding for all other fields easy enough other wise compare to another charset. The third point is to use a own Apache::Request object to handle the utf8 flag correctly. I can show a example if you like. It is really hard to handle the charset issue correct. If there is a mistake you get a '?' for the char in question. The form trick is explained somehow with my answers to this thread on pm:

http://www.perlmonks.com/index.pl?node_id=401315

I really know it is confusing, what version of pagekit do you use? I remember there was a change to handle more wrong cases. Feel free to ask more specific and I try to come up with a better description ;-)

The basic problem is this:

use Encode;
use DBI;

# setup a test database
my $dbh = DBI->connect( "dbi:SQLite:dbname=/tmp/dbfile",
    "", "", { PrintError => 0, RaiseError => 1 } );
eval { $dbh->do(q{ CREATE TABLE t_storage ( id INTEGER, str VARCHAR (255) ) }) };
eval { $dbh->do(q{ DELETE FROM t_storage }) };

# and our test strings
my $str = 'test' . chr(0xe1);    # latin1 string
my $utf8_str = decode( 'iso-8859-1', $str );    # same string, but utf8

compare( "compare \$str, \$utf8_str:\n", $str, $utf8_str );

# serialize the data into a database removes the utf8 flag only postgres
# can handle this correct on request
$dbh->do( q{ INSERT INTO t_storage VALUES ( 1, ? ) }, {}, $str );
my ($str_from_db) =
  $dbh->selectrow_array(q{ SELECT str FROM t_storage WHERE id = 1 });
$dbh->do( q{ INSERT INTO t_storage VALUES ( 2, ? ) }, {}, $utf8_str );
my ($utf8_str_from_db) =
  $dbh->selectrow_array(q{ SELECT str FROM t_storage WHERE id = 2 });

# compare again
compare( "compare \$str_from_db, \$utf8_str_from_db:\n",
    $str_from_db, $utf8_str_from_db );

# compare again
compare( "compare \$utf8_str, \$utf8_str_from_db:\n",
    $utf8_str, $utf8_str_from_db );

{
    use bytes;
    print "compare binary \$utf8_str, \$utf8_str_from_db:\n";
    print $utf8_str eq $utf8_str_from_db ? "same" : "different", $/, $/;
}

#

########
## Subs
########
sub compare {
    print shift;
    my ( $s1, $s2 ) = @_;

    # compare
    {
        use bytes;
        print length $s1, $/;    # length $str
        print length $s2, $/;    # length $utf8_str
    }

    # surprise for most people
    print $s1 eq $s2 ? "same" : "different", $/, $/;
}

> Thanks,
> Russell

--
Boris |
From: Russell D. W. <rw...@in...> - 2006-06-14 20:10:31
|
Hello all,

Long time no post :-).

We've encountered the following problem in our PageKit application. When pulling data from a database and using $model->fillinform to populate form fields, we're seeing problems when the data contains certain international characters, such as "á" -- as well as potentially some others.

Basically, if the word "Testá" is pulled from the database, the HTML form field will look like:

<input type="text" value="Test? name="blah">

Obviously, this causes problems, as the value is not terminated properly with a quote, and the true value is not shown in the form field. I tested HTML::FillInForm separately and this problem does not appear. The problem may be due to some parsing that pagekit does after it runs the page through HTML::FillInForm.

Boris and others, do you have any idea as to what might cause this?

Thanks,
Russell |
From: Boris Z. <bz...@2b...> - 2006-03-11 10:12:25
|
Hi all,

On 08.03.2006 at 11:32, Erik Günther wrote:

> Hi
>
> I just upgraded to 1.18 (from 1.14 beta) and now PKIT_EDIT_COMPONENT
> are lost. Not the normal but the custom made version where I can
> collect all edit links to one place on the page.
>

I remember the patch. And I remember, that there was a reason why we did not include it so far. I guess it was a little performance lost.

Was there a discussion about the functionality of PKIT_EDIT_COMPONENT on the list? Someone else like this feature?

@Erik: should I try to prepare a 1.18 with PKIT_EDIT_COMPONENT for you?

> On the page:
> -----8<------
>
> <PKIT_EDIT_COMPONENT NAME="/pkit_edit/link"/>
>
> ---->8------
>
> and in /pkit_edit/link
>
> ----8<------
>
> <ul>
> <MODEL_LOOP name="PKIT_EDIT_LINKS">
> <li> <a href="/pagekit<MODEL_VAR name="PKIT_EDIT_URL">"><MODEL_VAR name="PKIT_EDIT_FILENAME"></a></li>
> </MODEL_LOOP>
> </ul>
>
> ---->8------
>
> Boris helped me do a special version of this based on 1.14 and it
> seems that i got list in CVS or something. So Boris if you want I
> can send you a working version of this code. So all of you can
> benefit from this nice feature :)
>
> /erikg

--
Boris |
From: <er...@bo...> - 2006-03-08 10:32:31
|
Hi

I just upgraded to 1.18 (from 1.14 beta) and now PKIT_EDIT_COMPONENT are lost. Not the normal but the custom made version where I can collect all edit links to one place on the page.

On the page:
-----8<------

<PKIT_EDIT_COMPONENT NAME="/pkit_edit/link"/>

---->8------

and in /pkit_edit/link

----8<------

<ul>
<MODEL_LOOP name="PKIT_EDIT_LINKS">
<li> <a href="/pagekit<MODEL_VAR name="PKIT_EDIT_URL">"><MODEL_VAR name="PKIT_EDIT_FILENAME"></a></li>
</MODEL_LOOP>
</ul>

---->8------

Boris helped me do a special version of this based on 1.14 and it seems that i got list in CVS or something. So Boris if you want I can send you a working version of this code. So all of you can benefit from this nice feature :)

/erikg |
From: Shimon R. <sh...@ru...> - 2006-01-12 03:51:26
|
Boris,

I tested your solution and it works. I like this fix better than the one I originally proposed, and I encourage you to roll it into PageKit.

thanks,
shimon.

On 1/7/06, Boris Zentner <bz...@2b...> wrote:
>
> Hi,
>
> I like to share another ( untested ) idea. What about just inherit
> pkit_message in Common.pm?
>
> The advantages are, that it works with TT and H:T. Also your server
> can handle different applications ( and they can do different
> things ). And the escaping can do different things for different
> content_types ie: I do not want > on my pdf's.
>
> # add this to Common.pm
> use HTML::Entities ();
> sub pkit_message {
>   my ( $model, $message, @args ) = @_;
>   # probably do different escape for different content_types html/xml/wml/pdf
>   # whatever
>   # escape a copy; assigning to $_[0] would also change the caller's variable
>   $message = HTML::Entities::encode_entities($message);
>   $model->SUPER::pkit_message( $message, @args );
> }
>
> If this is fine for all, I suggest to include a always html escape
> solution in the next pkit release. And everyone can go back to the
> old behavior by removing pkit_messages from Common.pm.
>
> What do you think?
>
>
> On 06.01.2006 at 16:48, Shimon Rura wrote:
>
> > Hi pagekit users,
> >
> > A user of my pagekit app suggested there might be a cross-site
> > scripting vulnerability. The vulnerability is in using the
> > pkit_messages input parameter, which triggers display of a
> > message. The problem is that:
> >
> > 1. messages are displayed without escaping, so I could put a <b> or
> > even a <script> tag into a message; and
> >
> > 2. pkit_messages is an input parameter, so one could set the
> > message when linking to my pagekit site from another site.
> >
> > That means someone could link to my site and display a message that
> > contains a <script> tag. They could link to my login form, but add
> > an onsubmit handler to the form that sends user logins and
> > passwords to their server before logging the user into my site.
> > That would be bad.
> >
> > Using HTML::Template, messages are rendered using special pagekit
> > tags, e.g.:
> >
> > <PKIT_MESSAGES>
> >
> > <p class="message">
> > <PKIT_IS_ERROR><font color="<PKIT_ERRORSTR>"></PKIT_IS_ERROR>
> > • <PKIT_MESSAGE>
> > <PKIT_IS_ERROR></font></PKIT_IS_ERROR>
> > </p>
> >
> > </PKIT_MESSAGES>
> >
> >
> > The PKIT_MESSAGE tag doesn't accept the ESCAPE="HTML" parameter
> > like MODEL_VAR does. However I was able to add HTML escaping by
> > changing line 66 in Apache/PageKit/View.pm from:
> >
> >     MESSAGE => '<TMPL_VAR NAME="PKIT_MESSAGE">',
> > to
> >     MESSAGE => '<TMPL_VAR NAME="PKIT_MESSAGE" ESCAPE="HTML">',
> >
> > Am I right that there is a vulnerability? Is this a useful fix?
> >
> > Thank you,
> > Shimon Rura
>
> --
> Boris
|
From: Boris Z. <bz...@2b...> - 2006-01-08 22:18:43
|
Hi All,

sorry, I'm somewhat late here. For some unknown reason I did not read the list for a while.

The answer is a browser is free to change the charset in the answer. Even if you know the charset you used to send the form. There is a attribute to the form tag to hint a charset to the browser. But for my tests it did not work.

The only solution, that always worked for me is add a hidden field to the form with a char or word that is different in utf8 and your preferred charset(s). In my case I use utf8 and latin-1.

Then look at the length or values of the string in your hidden field if that string is in utf8 all other form values are also in utf8 that's the whole trick. And the best, to always do this on the fly just subclass Apache::Request::PageKit and add request_class = "MyCharsetFunPackage" to your config.

On Wednesday, 23 November 2005 14:23, Erik Günther wrote:
> Hi
>
> I have played with pagekit for some time now. And now I would be able to
> have a site that use UTF8 internally. But how do I do that. The easy
> part is to have all files in UTF-8 and save to the DB in UTF-8 and so
> on. But pagekit are smart and sends the page in the encoding the browser
> prefers. That is not any problem. But how do I handle the input from a
> form?
>
> I mean how do I know what char encoding the web-browser are sending in?
> I can't trust the outgoing encoding because that is trivial to change in
> any browser. Afaik there are no certain way to tell what encoding by just
> looking at the string.
>
> What are you doing to fix this? On my previous site i "converted" all to
> Latin-1. But that was just a ugly hack. utf8::is_utf8() and
> Encode::is_utf8() won't help they say false on every string passed by
> apache. :/
>
>
> One way is to block pagekit and send everything in UTF-8 because most
> often the browser will send the return in UTF-8... but that solution
> aren't bulletproof. The user can still send in eg Latin-1 or the browser
> do not handle UTF-8 (rare).
>
> Any ideas?

--
Boris |
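The hidden-field check described in the message above, as an added example that is not from the post or from PageKit. The field name `_charset_probe`, the helper names and the byte strings are constructed for illustration; the example also goes one step further than the message by rejecting a submission whose probe or fields do not decode cleanly instead of guessing.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode ();

# Sentinel character for the hidden field: U+00E1. It is the single byte
# 0xE1 in ISO-8859-1 and the two bytes 0xC3 0xA1 in UTF-8.
my $SENTINEL   = "\x{e1}";
my $PROBE_NAME = '_charset_probe';             # hypothetical field name
my @CANDIDATES = ( 'UTF-8', 'iso-8859-1' );    # charsets this site accepts

# Strict decode: undef on malformed input instead of substituted characters.
sub strict_decode {
    my ( $charset, $bytes ) = @_;    # $bytes is a copy; decode may alter it
    return eval { Encode::decode( $charset, $bytes, Encode::FB_CROAK ) };
}

# Which candidate charset turns the submitted probe bytes back into the
# sentinel? Returns nothing when the probe is missing or was altered.
sub detect_form_charset {
    my ($probe_bytes) = @_;
    return unless defined $probe_bytes;
    for my $charset (@CANDIDATES) {
        my $chars = strict_decode( $charset, $probe_bytes );
        return $charset if defined $chars && $chars eq $SENTINEL;
    }
    return;
}

# Decode every field with the detected charset. Returns an empty list when
# the charset is unknown or any field is not valid in that charset.
sub decode_form {
    my ($raw) = @_;
    my $charset = detect_form_charset( $raw->{$PROBE_NAME} ) or return;
    my %decoded;
    for my $name ( grep { $_ ne $PROBE_NAME } keys %$raw ) {
        my $chars = strict_decode( $charset, $raw->{$name} );
        return unless defined $chars;
        $decoded{$name} = $chars;
    }
    return ( $charset, \%decoded );
}

# Constructed submissions: the raw bytes a request object would hand over.
my %submissions = (
    'UTF-8 browser'   => { $PROBE_NAME => "\xC3\xA1", name => "Test\xC3\xA1" },
    'Latin-1 browser' => { $PROBE_NAME => "\xE1",     name => "Test\xE1" },
    'probe altered'   => { $PROBE_NAME => "?",        name => "Test?" },
    'mixed bytes'     => { $PROBE_NAME => "\xC3\xA1", name => "Test\xE1" },
);

binmode STDOUT, ':encoding(UTF-8)';
for my $label ( sort keys %submissions ) {
    my ( $charset, $fields ) = decode_form( $submissions{$label} );
    if ($charset) {
        printf "%-16s %-10s name=%s (%d chars)\n",
            $label, $charset, $fields->{name}, length $fields->{name};
    }
    else {
        printf "%-16s rejected\n", $label;
    }
}
```

UTF-8 is tried first because an ISO-8859-1 decode never fails; comparing the decoded probe with the sentinel is what actually tells the two apart.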
From: Boris Z. <bz...@2b...> - 2006-01-07 15:18:50
|
Hi,

I like to share another ( untested ) idea. What about just inherit pkit_message in Common.pm?

The advantages are, that it works with TT and H:T. Also your server can handle different applications ( and they can do different things ). And the escaping can do different things for different content_types ie: I do not want > on my pdf's.

# add this to Common.pm
use HTML::Entities ();
sub pkit_message {
  my ( $model, $message, @args ) = @_;
  # probably do different escape for different content_types html/xml/wml/pdf
  # whatever
  # escape a copy; assigning to $_[0] would also change the caller's variable
  $message = HTML::Entities::encode_entities($message);
  $model->SUPER::pkit_message( $message, @args );
}

If this is fine for all, I suggest to include a always html escape solution in the next pkit release. And everyone can go back to the old behavior by removing pkit_messages from Common.pm.

What do you think?

On 06.01.2006 at 16:48, Shimon Rura wrote:

> Hi pagekit users,
>
> A user of my pagekit app suggested there might be a cross-site
> scripting vulnerability. The vulnerability is in using the
> pkit_messages input parameter, which triggers display of a
> message. The problem is that:
>
> 1. messages are displayed without escaping, so I could put a <b> or
> even a <script> tag into a message; and
>
> 2. pkit_messages is an input parameter, so one could set the
> message when linking to my pagekit site from another site.
>
> That means someone could link to my site and display a message that
> contains a <script> tag. They could link to my login form, but add
> an onsubmit handler to the form that sends user logins and
> passwords to their server before logging the user into my site.
> That would be bad.
>
> Using HTML::Template, messages are rendered using special pagekit
> tags, e.g.:
>
> <PKIT_MESSAGES>
>
> <p class="message">
> <PKIT_IS_ERROR><font color="<PKIT_ERRORSTR>"></PKIT_IS_ERROR>
> • <PKIT_MESSAGE>
> <PKIT_IS_ERROR></font></PKIT_IS_ERROR>
> </p>
>
> </PKIT_MESSAGES>
>
>
> The PKIT_MESSAGE tag doesn't accept the ESCAPE="HTML" parameter
> like MODEL_VAR does. However I was able to add HTML escaping by
> changing line 66 in Apache/PageKit/View.pm from:
>
>     MESSAGE => '<TMPL_VAR NAME="PKIT_MESSAGE">',
> to
>     MESSAGE => '<TMPL_VAR NAME="PKIT_MESSAGE" ESCAPE="HTML">',
>
> Am I right that there is a vulnerability? Is this a useful fix?
>
> Thank you,
> Shimon Rura

--
Boris |
From: Shimon R. <sh...@ru...> - 2006-01-06 15:48:56
|
Hi pagekit users,

A user of my pagekit app suggested there might be a cross-site scripting vulnerability. The vulnerability is in using the pkit_messages input parameter, which triggers display of a message. The problem is that:

1. messages are displayed without escaping, so I could put a <b> or even a <script> tag into a message; and

2. pkit_messages is an input parameter, so one could set the message when linking to my pagekit site from another site.

That means someone could link to my site and display a message that contains a <script> tag. They could link to my login form, but add an onsubmit handler to the form that sends user logins and passwords to their server before logging the user into my site. That would be bad.

Using HTML::Template, messages are rendered using special pagekit tags, e.g.:

<PKIT_MESSAGES>

<p class="message">
<PKIT_IS_ERROR><font color="<PKIT_ERRORSTR>"></PKIT_IS_ERROR>
• <PKIT_MESSAGE>
<PKIT_IS_ERROR></font></PKIT_IS_ERROR>
</p>

</PKIT_MESSAGES>

The PKIT_MESSAGE tag doesn't accept the ESCAPE="HTML" parameter like MODEL_VAR does. However I was able to add HTML escaping by changing line 66 in Apache/PageKit/View.pm from:

    MESSAGE => '<TMPL_VAR NAME="PKIT_MESSAGE">',
to
    MESSAGE => '<TMPL_VAR NAME="PKIT_MESSAGE" ESCAPE="HTML">',

Am I right that there is a vulnerability? Is this a useful fix?

Thank you,
Shimon Rura |
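Added example, not part of the posts in this thread and not PageKit code: it renders one constructed message through HTML::Template with and without ESCAPE="HTML", and through a model-side HTML::Entities escape like the pkit_message override from the reply, to show what each fix emits and that applying both at once double-encodes the text. The two template strings, the helper names and the sample message are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Template;
use HTML::Entities ();

# Constructed stand-ins for the two TMPL_VAR expansions quoted in the post:
# the unescaped one and the one with ESCAPE="HTML".
my %TEMPLATE = (
    raw     => qq{<p class="message"><TMPL_VAR NAME="PKIT_MESSAGE"></p>\n},
    escaped => qq{<p class="message"><TMPL_VAR NAME="PKIT_MESSAGE" ESCAPE="HTML"></p>\n},
);

# Hypothetical helper: expand one message through one of the templates.
sub render_message {
    my ( $kind, $message ) = @_;
    my $tmpl = HTML::Template->new( scalarref => \$TEMPLATE{$kind} );
    $tmpl->param( PKIT_MESSAGE => $message );
    return $tmpl->output;
}

# Model-side escaping in the spirit of the pkit_message override. It works
# on a copy, so the caller's string is left untouched.
sub escape_message {
    my ($message) = @_;
    return HTML::Entities::encode_entities($message);
}

# Classify the rendered HTML: did markup from the message reach the page,
# and was the text entity-encoded twice?
sub verdict {
    my ($html) = @_;
    return 'markup reaches the page' if $html =~ /<script|<b>/i;
    return 'inert, but double-encoded'
        if $html =~ /&amp;(?:lt|gt|amp|quot|#39);/;
    return 'inert text';
}

# Constructed sample of what a pkit_messages request parameter could carry.
my $from_request =
    q{Saved <b>ok</b> <script>/* markup from the URL */</script> & "done"};

my @cases = (
    [ 'no escaping',               'raw',     $from_request ],
    [ 'ESCAPE="HTML" in template', 'escaped', $from_request ],
    [ 'escaped in the model',      'raw',     escape_message($from_request) ],
    [ 'both fixes together',       'escaped', escape_message($from_request) ],
);

for my $case (@cases) {
    my ( $label, $kind, $message ) = @$case;
    my $html = render_message( $kind, $message );
    printf "%-27s %s\n    %s", $label, verdict($html), $html;
}
```

Either fix alone neutralises the markup; escape at one layer only, because a message escaped in the model and again in the template shows literal entity text to the user.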
From: <el...@us...> - 2005-11-27 00:33:33
|
Hi!

Is there a way to pass data from the model to xsl:attribute-tags in an xsl:template?

<MODEL_VAR> works fine in xsl:templates:

<xsl:template match="BlaBla">
  <a>
    <MODEL_VAR NAME="myvar"/>
  </a>
</xsl:template>

but not in xsl:attribute tags...

<xsl:template match="BlaBla">
  <a>
    <xsl:attribute name="href">
      <MODEL_VAR NAME="myvar"/>
    </xsl:attribute>

..or in xsl:param tags...

<xsl:param name="apa">
  <MODEL_VAR NAME="myvar"/>
</xsl:param>

Have I missed something obvious?

/Carl |
From: Damyan I. <di...@cr...> - 2005-11-24 09:31:51
|
Erik Günther wrote:
> Thu 2005-11-24 at 09:05 +0200, Damyan Ivanov wrote:
>
>>Shimon Rura wrote:
>>
>>>Erik,
>>>
>>>Unfortunately, I don't think there is a perfect solution to this. The
>>
>>Whatever encoding a browser uses to send data, it is mandatory to supply
>>correct Content-Type header, right? Can't this be used when determining request
>>encoding?
>
> Hmmm I did some checks on that and the only Content-Type header are from
> the server to the browser. The other way around I can only find
> Accept-Charset. That aren't the same.

You're right. I've had to check this beforehand.

I see "Content-Type: application/x-www-form-urlencoded" header for POST requests, but even in it, there's no charset mentioned. :-(

Here's excerpt from RFC 2070 - Internationalization of the Hypertext Markup Language. No ideal solution, though :-/

5.2. Form submission

   The HTML 2.0 form submission mechanism, based on the "application/x-www-form-urlencoded" media type, is ill-equipped with regard to internationalization. In fact, since URLs are restricted to ASCII characters, the mechanism is akward even for ISO-8859-1 text. Section 2.2 of [RFC1738] specifies that octets may be encoded using the "%HH" notation, but text submitted from a form is composed of characters, not octets. Lacking a specification of a character encoding scheme, the "%HH" notation has no well-defined meaning.

   The best solution is to use the "multipart/form-data" media type described in [RFC1867] with the POST method of form submission. This mechanism encapsulates the value part of each name-value pair in a body-part of a multipart MIME body that is sent as the HTTP entity; each body part can be labeled with an appropriate Content-Type, including if necessary a charset parameter that specifies the character encoding scheme. The changes to the DTD necessary to support this method of form submission have been incorporated in the DTD included in this specification.

   A less satisfactory solution is to add a MIME charset parameter to the "application/x-www-form-urlencoded" media type specifier sent along with a POST method form submission, with the understanding that the URL encoding of [RFC1738] is applied on top of the specified character encoding, as a kind of implicit Content-Transfer-Encoding.

   One problem with both solutions above is that current browsers do not generally allow for bookmarks to specify the POST method; this should be improved. Conversely, the GET method could be used with the form data transmitted in the body instead of in the URL. Nothing in the protocol seems to prevent it, but no implementations appear to exist at present.

   How the user agent determines the encoding of the text entered by the user is outside the scope of this specification.

   NOTE -- Designers of forms and their handling scripts should be aware of an important caveat: when the default value of a field (the VALUE attribute) is returned upon form submission (i.e. the user did not modify this value), it cannot be guaranteed to be transmitted as a sequence of octets identical to that in the source document -- only as a possibly different but valid encoding of the same sequence of text elements. This may be true even if the encoding of the document containing the form and that used for submission are the same.

   Differences can occur when a sequence of characters can be represented by various sequences of octets, and also when a composite sequence (a base character plus one or more combining diacritics) can be represented by either a different but equivalent composite sequence or by a fully precomposed character. For instance, the UCS-2 sequence 00EA+0323 (LATIN SMALL LETTER E WITH CIRCUMFLEX ACCENT + COMBINING DOT BELOW) may be transformed into 1EC7 (LATIN SMALL LETTER E WITH CIRCUMFLEX ACCENT AND DOT BELOW), into 0065+0302+0323 (LATIN SMALL LETTER E + COMBINING CIRCUMFLEX ACCENT + COMBINING DOT BELOW), as well as into other equivalent composite sequences.

> * New option in Config.xml that means use this charset if possible
> output_charset = "UTF-8"
>
> * When a request arrives we first look in the session for _encoding to
> see what encoding the request most likely be in and then change encoding
> to default_input_charset. This only needs to be done on request with
> parameters (when QUERY_STRING or REQUEST_METHOD='post'). If no session
> or _encoding exists then use output_charset.
>
> If output_charset, default_input_charset and default_output_charset are
> utf-8 then there are pretty small chances that a conversion ever is
> needed.
>
> If no output_charset exists in the config file then use the same behavior
> we have today, with no input_conversion.

To me (and I don't use pkit extensively), your proposal seems appropriate, it should work except when the browser supports neither cookies, nor utf-8, which I guess is very uncommon situation and is not handled right now either.

Greetings,
dam

--
Damyan Ivanov
Creditreform Bulgaria
di...@cr...
http://www.creditreform.bg/
phone: +359(2)928-2611, 929-3993
fax: +359(2)920-0994
mob. +359(88)856-6067
da...@ja.../Gaim |
From: Erik <eri...@bo...> - 2005-11-24 08:32:58
|
Thu 2005-11-24 at 09:05 +0200, Damyan Ivanov wrote:
> Shimon Rura wrote:
> > Erik,
> >
> > Unfortunately, I don't think there is a perfect solution to this. The
>
> Whatever encoding a browser uses to send data, it is mandatory to supply
> correct Content-Type header, right? Can't this be used when determining request
> encoding?

Hmmm I did some checks on that and the only Content-Type header are from the server to the browser. The other way around I can only find Accept-Charset. That aren't the same.

So afaik there are only one way to do this the nice way. And that is to remember what encoding I did send the page in. And that should be saved in the session. The bad thing is that _every_ request needs a session :/

But if we add a new option in the Configfile e.g. output_charset (that mean use this if you can regardless of priority from the browser. But if the browser don't know this charset then use priority.) Then the encoding for browser that don't use cookies (can't use sessions) we could guess the char-set to output_charset.

With this it should be possible with a pretty good chance to find the right charset-encoding from the browser.

Implementation:

* New option in Config.xml that means use this charset if possible
output_charset = "UTF-8"

* When a request arrives we first look in the session for _encoding to see what encoding the request most likely be in and then change encoding to default_input_charset. This only needs to be done on request with parameters (when QUERY_STRING or REQUEST_METHOD='post'). If no session or _encoding exists then use output_charset.

If output_charset, default_input_charset and default_output_charset are utf-8 then there are pretty small chances that a conversion ever is needed.

If no output_charset exists in the config file then use the same behavior we have today, with no input_conversion.

Ideas? comments? If not I'll try to do some/all of this this weekend. |
From: Damyan I. <di...@cr...> - 2005-11-24 07:05:31
|
Shimon Rura wrote:
> Erik,
>
> Unfortunately, I don't think there is a perfect solution to this. The

Whatever encoding a browser uses to send data, it is mandatory to supply correct Content-Type header, right? Can't this be used when determining request encoding?

(I am not in PK internals, so my suggestion may be well off-track)

dam

--
Damyan Ivanov
Creditreform Bulgaria
di...@cr...
http://www.creditreform.bg/
phone: +359(2)928-2611, 929-3993
fax: +359(2)920-0994
mob. +359(88)856-6067
da...@ja.../Gaim |
From: Shimon R. <sh...@ru...> - 2005-11-23 15:43:19
|
Erik,

Unfortunately, I don't think there is a perfect solution to this. The browser is supposed to submit any forms using the encoding you served the page in, but there are so many levels of second-guessing about character encodings that this isn't guaranteed.

For my site voo2do.com, I decided that if things weren't going to work perfectly, I might as well keep them simple. So I did the all-UTF-8 approach: I hacked PageKit to always send pages in UTF-8, regardless of what the browser requested. Now people whose browsers don't support UTF-8 can't use non-ASCII characters on my site... but the site has plenty of Javascript that won't work on old browsers anyway, so that probably doesn't hurt anyone.

This isn't perfect, but serving in non-unicode is problematic too. With an unhacked pagekit, my site would be served using Latin-1 because my browser prefers it to UTF-8 for some reason. If I type some non-Latin-1 characters, my browser will send HTML entity codes. Of course, there is no way to distinguish whether the user actually meant to type %u10123 or whether that's a trick the browser pulled. So I think it's best to just make everything unicode.

A reasonable alternative might be to hack pagekit to serve in UTF-8 as long as it's one of the browser-supported encodings (even when it's not the preferred one), and only recode if UTF-8 is just unsupported. Then perhaps you have a slightly better chance of serving pre-UTF8 browsers.

Good luck, and let us know how it goes.

shimon.

On 11/23/05, Erik Günther <eri...@bo...> wrote:
>
> Hi
>
> I have played with pagekit for some time now. And now I would be able to
> have a site that use UTF8 internally. But how do I do that. The easy
> part is to have all files in UTF-8 and save to the DB in UTF-8 and so
> on. But pagekit are smart and sends the page in the encoding the browser
> prefers. That is not any problem. But how do I handle the input from a
> form?
>
> I mean how do I know what char encoding the web-browser are sending in?
> I can't trust the outgoing encoding because that is trivial to change in
> any browser. Afaik there are no certain way to tell what encoding by just
> looking at the string.
>
> What are you doing to fix this? On my previous site i "converted" all to
> Latin-1. But that was just a ugly hack. utf8::is_utf8() and
> Encode::is_utf8() won't help they say false on every string passed by
> apache. :/
>
>
> One way is to block pagekit and send everything in UTF-8 because most
> often the browser will send the return in UTF-8... but that solution
> aren't bulletproof. The user can still send in eg Latin-1 or the browser
> do not handle UTF-8 (rare).
>
> Any ideas?
>
> --
>
> /erikg
>
> Erik Günther eri...@bo...
> System Developer Bokus AB
> +46 (0)40 - 35 21 19 icq: 160744619
>
> Fortune:
> 'Course, I haven't weighed in yet. :-)
> -- Larry Wall in <199...@wa...>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQBDhG03q1HQ7Yl9BM8RAqUoAJ9cjBKEBmF1GSmMfMMJEPlHDf2mQQCfWXH6
> 3V6AtwghzOqYdFWEcf4fdb8=
> =4QYG
> -----END PGP SIGNATURE-----
|