On Wed, 26 Feb 2003, Phillip Warner wrote:
On Wed, 26 Feb 2003 10:17:14 -0300 (CLST) Jorge Arellano Cid <jcid@softhome.net> wrote:
The patch:
This patch does two things:
1.- Keeps a backup of the bookmarks file: bm.txt.bak
2.- Avoids not loading the bookmarks file by issuing a conditional load before any operation.
Notes:
* The backup file is made by renaming the original file, so if a write error happens the backup remains!
* The backup is made when the original file has a size greater than 256 bytes (just in case!).
Please test it as hard as you can.
The test was successful on my end. However, if I kill the server with -9, the pipe remains and the server will not reload. If I then remove the pipe, the server loads and responds "Hi browser" but no bookmarks are written. If I then try to access the bookmarks, I get a blank page. If I then close dillo, the server also stops.
Of course, after reloading dillo all is well.
But, no bookmarks are lost, except the ones that were chosen after the server was killed.
Is there a way to overwrite the abandoned pipe (when no server is running) when restarting the server? I know sylpheed does this.
Yes, this situation is problematic. Besides the 'kill -9', a system crash can also leave the socket's filename in /tmp... and the trouble only ends when the user realizes he must remove the socket's filename manually!
After some thought, I finally found a way to check these problems using connect(). I'm not sure which error code (errno number) the different OSes will return, so I included: ECONNREFUSED, EBADF, ENOTSOCK and EADDRNOTAVAIL. GNU/Linux returns ECONNREFUSED in this case.
...and I almost forgot that some time ago (Nov 27), Ben Wolley wrote:
Hello Jorge,
I just tried out the dpi1 bookmarks plugin, and I really like the concept. But I started wondering if someone could take advantage of a dpi URL to do something improper.
<html>
<body>
<a href="dpi:/bm/modify?operation=add_url2&title=home&url=http%3A%2F%2Fhome&submit=submit.">test</a>
<img src="dpi:/bm/modify?operation=add_url2&title=home2&url=http%3A%2F%2Fhome&submit=submit." alt="test image">
</body>
</html>
When I load that page, not only does the image alter my bookmarks, when I click on the link the window closes (after altering my bookmarks). This seems to be an issue similar to what is discussed in the HTTP 1.1 spec section 15.1.3.
Can POST data be sent instead? Section 9.5 says that POST should be used for "extending a database through an append operation", which is what the plugin actually does.
A hacked dpi-request using POST can also be faked, so the decision was to only allow dpi-urls from dpi-generated pages.
The attached patch (against dillo-0.7.0) does five things:
1.- Keeps a backup of the bookmarks file: bm.txt.bak
2.- Avoids not loading the bookmarks file by issuing a conditional load before any operation.
3.- Takes care of EINTR while in recv().
4.- Tests the socket's filename to be responsive and relaunches the server if necessary.
5.- Allows dpi-requests, but only from dpi-generated pages.
Most probably this will be the patch in the bug-fix release. Once again, please test it thoroughly!
Cheers
Jorge.-