Menu
▾
▴
phpesp-devel
|
From: Matthew G. <gr...@mu...> - 2002-04-11 01:42:28
Attachments:
auto_publish.diff
|
Attached is first run at a patch to allow publishing of surveys without needing to manually create a php "include" file. Take a look in handler-prefix.php where the remote user id is found. I commented the QUERY_STRING case because it would grab the query string for survey selection every time. Can we live without that case? Please point out other gaping holes that are sure to exist. -- brought to you by, Matthew Gregg... one of the friendly folks in the IT Lab. --------------------------------------\ The IT Lab (http://www.itlab.musc.edu) \____________________ Probably the world's premier software development center. Serving: Programming, Tools, Ice Cream, Seminars |
|
From: James E. F. <jf...@ac...> - 2002-04-14 19:05:46
|
On Wed, 10 Apr 2002, Matthew Gregg wrote: > Attached is first run at a patch to allow publishing of surveys > without needing to manually create a php "include" file. I made a few slight changes, nothing effecting use, and committed this patch. Thanks. > Take a look in handler-prefix.php where the remote user id is found. > I commented the QUERY_STRING case because it would grab the > query string for survey selection every time. Can we live without > that case? I changed this so that survey.php removes "name=xxx" from the query string, so no mods to handler-prefix were needed. Thanks for the patch. -James |
|
From: Kon A. <ang...@ip...> - 2002-04-16 09:49:44
|
Hi Guys,
Just downloaded the latest version to have a look at Matthews patch and was
looking at the code for handler.php
75 $action = $HTTP_SERVER_VARS['PHP_SELF'];
76 if (!empty($HTTP_SERVER_VARS['QUERY_STRING']))
77 $action .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
should line 77 read $action = "?" .$HTTP_SERVER_VARS['QUERY_STRING']; instead?
otherwise couldn't we have the following scenario when, for example we test
surveys?
..../.../manage.php?where=test&sid=xx - then clicking the submit button would
generate:
../../manage.php?where=test?where=test&sid=xx
Regards
Kon
On Mon, 15 Apr 2002 05:05, James E. Flemer wrote:
> On Wed, 10 Apr 2002, Matthew Gregg wrote:
> > Attached is first run at a patch to allow publishing of surveys
> > without needing to manually create a php "include" file.
>
> I made a few slight changes, nothing effecting use, and
> committed this patch. Thanks.
>
> > Take a look in handler-prefix.php where the remote user id is found.
> > I commented the QUERY_STRING case because it would grab the
> > query string for survey selection every time. Can we live without
> > that case?
>
> I changed this so that survey.php removes "name=xxx" from
> the query string, so no mods to handler-prefix were needed.
>
> Thanks for the patch.
>
> -James
>
>
> _______________________________________________
> phpESP-devel mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpesp-devel
|
|
From: James E. F. <jf...@ac...> - 2002-04-16 14:40:25
|
Well, I see the problem, but I fixed it in where/test.inc instead. Now that the handler sanely treats the QUERY_STRING, I removed the QS mangling code in test.inc, that made it possible to embed the handler within the mangagemnt interface. Please checkout the latest revision of that file and see if your problems go away. -James On Tue, 16 Apr 2002, Kon Angelopoulos wrote: > Hi Guys, > > Just downloaded the latest version to have a look at Matthews patch and was > looking at the code for handler.php > > > 75 $action = $HTTP_SERVER_VARS['PHP_SELF']; > 76 if (!empty($HTTP_SERVER_VARS['QUERY_STRING'])) > 77 $action .= "?" . $HTTP_SERVER_VARS['QUERY_STRING']; > > should line 77 read $action = "?" .$HTTP_SERVER_VARS['QUERY_STRING']; instead? > > otherwise couldn't we have the following scenario when, for example we test > surveys? > > ..../.../manage.php?where=test&sid=xx - then clicking the submit button would > generate: > ../../manage.php?where=test?where=test&sid=xx > > > Regards > > > Kon |
|
From: Kon A. <ang...@ip...> - 2002-04-17 12:38:04
|
Cheers James, That did the trick. Kon On Wed, 17 Apr 2002 00:40, James E. Flemer wrote: > Well, I see the problem, but I fixed it in where/test.inc > instead. Now that the handler sanely treats the > QUERY_STRING, I removed the QS mangling code in test.inc, > that made it possible to embed the handler within the > mangagemnt interface. Please checkout the latest revision > of that file and see if your problems go away. > > -James > > On Tue, 16 Apr 2002, Kon Angelopoulos wrote: > > Hi Guys, > > > > Just downloaded the latest version to have a look at Matthews patch and > > was looking at the code for handler.php > > > > > > 75 $action = $HTTP_SERVER_VARS['PHP_SELF']; > > 76 if (!empty($HTTP_SERVER_VARS['QUERY_STRING'])) > > 77 $action .= "?" . > > $HTTP_SERVER_VARS['QUERY_STRING']; > > > > should line 77 read $action = "?" .$HTTP_SERVER_VARS['QUERY_STRING']; > > instead? > > > > otherwise couldn't we have the following scenario when, for example we > > test surveys? > > > > ..../.../manage.php?where=test&sid=xx - then clicking the submit button > > would generate: > > ../../manage.php?where=test?where=test&sid=xx > > > > > > Regards > > > > > > Kon > > _______________________________________________ > phpESP-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpesp-devel |
|
From: Matthew G. <gr...@mu...> - 2002-04-16 15:07:28
|
The change to remove "name=xxx" from the query string brings up a small problem. The first time through a survey the referer is set correctly so that the "return" link on the "thank you" page works correctly, however, if you click that link to take the survey again, the "name=xxx" will be dropped from the referer. So a second time through the survey the "return" link fails. On Sun, Apr 14, 2002 at 03:05:39PM -0400, James E. Flemer wrote: > On Wed, 10 Apr 2002, Matthew Gregg wrote: > > > Attached is first run at a patch to allow publishing of surveys > > without needing to manually create a php "include" file. > > I made a few slight changes, nothing effecting use, and > committed this patch. Thanks. > > > Take a look in handler-prefix.php where the remote user id is found. > > I commented the QUERY_STRING case because it would grab the > > query string for survey selection every time. Can we live without > > that case? > > I changed this so that survey.php removes "name=xxx" from > the query string, so no mods to handler-prefix were needed. > > Thanks for the patch. > > -James > -- brought to you by, Matthew Gregg... one of the friendly folks in the IT Lab. --------------------------------------\ The IT Lab (http://www.itlab.musc.edu) \____________________ Probably the world's premier software development center. Serving: Programming, Tools, Ice Cream, Seminars |
|
From: James E. F. <jf...@ac...> - 2002-04-16 15:31:40
|
Well ... Ideally the "return" link is supposed to be to the page _before_ the survey. So you've got some index.html somewhere with [a href="/survey.php?name=foo"] Take a Survey [/a] Then the "return" link should take you back to "index.html". However if you type http://place.ext/survey.php?name=foo into the url bar, then there is no referrer, so it sorta goes back to itself. What do you all think the policy should be? Vote: http://phpesp.sf.net/demo/test.php?sid=2944&userid=devel Results: http://phpesp.sf.net/demo/test.php?sid=2944&results=1 -James On Tue, 16 Apr 2002, Matthew Gregg wrote: > The change to remove "name=xxx" from the query string brings up a > small problem. > > The first time through a survey the referer is set correctly so that > the "return" link on the "thank you" page works correctly, however, if > you click that link to take the survey again, the "name=xxx" will be > dropped from the referer. So a second time through the survey the > "return" link fails. |
|
From: Matthew G. <gr...@mu...> - 2002-04-16 15:46:26
|
On Tue, Apr 16, 2002 at 11:31:35AM -0400, James E. Flemer wrote: > Well ... Ideally the "return" link is supposed to be to the > page _before_ the survey. Oh duh, yeah that would make sense. > > So you've got some index.html somewhere with > [a href="/survey.php?name=foo"] Take a Survey [/a] > Then the "return" link should take you back to > "index.html". > > However if you type http://place.ext/survey.php?name=foo > into the url bar, then there is no referrer, so it sorta > goes back to itself. > > What do you all think the policy should be? > > Vote: > http://phpesp.sf.net/demo/test.php?sid=2944&userid=devel Vote cast. > Results: > http://phpesp.sf.net/demo/test.php?sid=2944&results=1 > > -James > > > On Tue, 16 Apr 2002, Matthew Gregg wrote: > > > The change to remove "name=xxx" from the query string brings up a > > small problem. > > > > The first time through a survey the referer is set correctly so that > > the "return" link on the "thank you" page works correctly, however, if > > you click that link to take the survey again, the "name=xxx" will be > > dropped from the referer. So a second time through the survey the > > "return" link fails. > -- brought to you by, Matthew Gregg... one of the friendly folks in the IT Lab. --------------------------------------\ The IT Lab (http://www.itlab.musc.edu) \____________________ Probably the world's premier software development center. Serving: Programming, Tools, Ice Cream, Seminars |
|
From: Matthew G. <gr...@mu...> - 2002-04-16 16:02:05
|
One other thing.
survey.php doesn't take into account private surveys.
I think it's a small change to do this, but larger than I felt safe committing
to CVS myself :-)
- $sql = "SELECT id,title FROM survey WHERE name = '$_name'";
+ $sql = "SELECT id, title, public FROM survey WHERE name = '$_name'";
if ($result = mysql_query($sql)) {
if (mysql_num_rows($result) > 0)
- list($sid, $_title) = mysql_fetch_row($result);
+ list($sid, $_title, $public) = mysql_fetch_row($result);
mysql_free_result($result);
}
}
+ if ($public == "N") {
+ include($ESPCONFIG['handler_prefix']);
+ }
?>
On Sun, Apr 14, 2002 at 03:05:39PM -0400, James E. Flemer wrote:
> On Wed, 10 Apr 2002, Matthew Gregg wrote:
>
> > Attached is first run at a patch to allow publishing of surveys
> > without needing to manually create a php "include" file.
>
> I made a few slight changes, nothing effecting use, and
> committed this patch. Thanks.
>
> > Take a look in handler-prefix.php where the remote user id is found.
> > I commented the QUERY_STRING case because it would grab the
> > query string for survey selection every time. Can we live without
> > that case?
>
> I changed this so that survey.php removes "name=xxx" from
> the query string, so no mods to handler-prefix were needed.
>
> Thanks for the patch.
>
> -James
>
--
brought to you by, Matthew Gregg...
one of the friendly folks in the IT Lab.
--------------------------------------\
The IT Lab (http://www.itlab.musc.edu) \____________________
Probably the world's premier software development center.
Serving: Programming, Tools, Ice Cream, Seminars
|
|
From: James E. F. <jf...@ac...> - 2002-04-16 16:55:52
|
Thanks for pointing that out.
I just committed smaller patch doing the same thing. :-)
There is no need to check public, since the handler prefix
is included by the handler (if it hasn't already) anyway,
so now we just include it explicitly above any content.
if ($result = mysql_query($sql)) {
if (mysql_num_rows($result) > 0)
list($sid, $_title) = mysql_fetch_row($result);
mysql_free_result($result);
}
}
+ include($ESPCONFIG['handler_prefix']);
?>
Checkout new revision from cvs.
-James
On Tue, 16 Apr 2002, Matthew Gregg wrote:
> One other thing.
> survey.php doesn't take into account private surveys.
> I think it's a small change to do this, but larger than I felt safe committing
> to CVS myself :-)
>
> - $sql = "SELECT id,title FROM survey WHERE name = '$_name'";
> + $sql = "SELECT id, title, public FROM survey WHERE name = '$_name'";
> if ($result = mysql_query($sql)) {
> if (mysql_num_rows($result) > 0)
> - list($sid, $_title) = mysql_fetch_row($result);
> + list($sid, $_title, $public) = mysql_fetch_row($result);
> mysql_free_result($result);
> }
> }
> + if ($public == "N") {
> + include($ESPCONFIG['handler_prefix']);
> + }
> ?>
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X