requests and entities are now parsed. Furthermore the whole
request-entity handling has been changed to allow lazy parsing, parsed
entity headers, and flexible choice of entities. This is all to
support the handling of MIME multipart entities, especially
multipart/form-data. The current revision is a first cut, and some
further rewrites are needed.
query url requests. This is probably a stop-gap measure, until a more
general context processing framework (including session and validation
data) has been designed and implemented.
request read on a connection, which allows us to generate the correct
type of response in case of an error which is handled through
`handle-server-error'.
Also added code to correctly escape text that is inserted into error
messages. This is also a first step towards preventing cross-scripting
attacks through CLASH, although most of the code still has to be audited
for unfiltered passing through of user-supplied text.
with Allegro CL in "modern" mode. Although we don't think that
"modern" mode is the correct approach to case-sensitivity in CL, the
changes we made should also make it easier to work in ANSI-compliant
implementations/modes, with all the settings for readtable-case. Note
though that this is a first best effort attempt, and so further
case-ification bugs might still remain. YMMV.
response-header. Rewrote error handling code to provide more
information in the body. Adjust `read-request' to pass the connection
to `parse-request', see changes in messages.cl.
quoted-strings in both key and values of key value pairs and in simple
lists correctly. Also factored out all magic constants, added some
stuff to make this halfway efficient (profiling to be done). This
rewrite makes partition superfluous, maybe remove this from
src/utility.cl.
Added parsing of Base64 and authorization credentials.
instead of the stream, in our effort to reduce the passing around of
streams. This is also necessary in order to allow request handlers to
check for the address and/or hostname of the connection the request
came in from. Changed `parse-request' accordingly. TODO: Rendering
of messages should probably change over, too.
Added handling of Authority request-header, and WWW-Authenticate
response-headers. Changed order of response-header rendering to
follow RFC guidelines. Added automatic generation of Server
response-header, added correct handling and automatic initialization
of Date response-header. This should bring us closer to correct and
full handling of at least all HTTP/1.0 headers in responses. Request
parsing of some headers remains to be done.
Added ignore declarations to quiet the compiler.
versions of CMU CL, as well as guarding against short reads by
read-sequence on socket streams, though my understanding of the
standard seems to imply that read-sequence can only return prematurely
on EOF. But this way we shouldn't have any problems either way.
Added naive buffering functionality for use in CLASH. This is
currently only used to implement stream entities, but might have other
uses. Given the exitence of generational garbage collectors, it might
be advantageous to forego the pooling scheme and throw away buffers
after each use. This will depend on implementations and usage
patterns, though, so we should make this tunable...
Fixed various bugs in query-argument parsing (don't you just love
ambiguous standards?), and added functionality to default url slots
from another url object, to copy url objects and to externalize them.
Code to implement session management for resources. The current
version supports transient cookie based session management, but other
forms of management could be added without undue hassle.
The machinery in this file is used for the automatic creation of
responses in standardized (error) situations based on the information
contained in a condition.
Changed argument precedence order on access-resource and
access-resource-using-method to implement the expected semantics that
methods specialized on requests or request-methods overide more
general methods in base classes.
Also revamped the division of labour between entities and resources on
static resources (see entity.cl), so that static resources are simple
wrappers around static entities, which provide the content.
Added resources that handle dynamic content and forms by dispatching
to functions passed in during creation. This is to support simple
ad-hoc dynamic resources, whereas really dynamic resources will just
subclass resource and implement the stuff on their own.
Added a simple wrapper to bind form data passed in with a post request
(with-form-data). This should be unified with query-argument
processing.
Moved some of the common parsing and rendering subroutines to a new
file. Many other functions should probably be moved over here, so
watch this space as clean up progresses further.
