newsclipperdevlist  

Web-based handler submission

David Coppit
Tue, 6 Jul 1999 13:38:05 -0700

Okay, I'm tired of manually updating the handler database. Soon I'm hoping to
implement a web-based submission process, where handler developers can submit
their handlers and have them approved by me.

It would work like this:

1) Have developer enter URL or paste handler text into box.
2) Run a series of checks:
   - Can we extract vital statistics from the handler comments?
   - Does the handler have any "eval", backticks, or "system" calls?
   - Does the handler try to open or write to any files?
   - Does the handler have FilterType and OutputType if needed?
   - Does it look like the Get or Filter function forgot to bless the data
     before returning it?
   - Does the handler use "always" for the update times?
   - Does the handler generate output when run like
     "<!-- newsclipper <input name=handlername> -->"?
3) Show an error message if one of the checks fails, and abort the process.
4) If all checks pass, show the developer what the extracted info is, and
   the sample output.
5) If the developer says okay, send email to the moderator and store the
   handler in a temporary location.
6) Moderator reads email, and looks at handler code, then updates the
   database if the handler is accepted.

What do you guys think? Are there any more checks I need to do? (Especially
security-related ones. I don't want to execute untrusted code, or enter a
handler into the database that could be malicious.) Is there any way to
streamline this process more?

Regards,
David

_________________________________________________________________________
David Coppit - Graduate Student        [EMAIL PROTECTED]      
The University of Virginia             http://coppit.org/
    "Yes," said Piglet, "Rabbit has Brain." There was a long silence.
"I suppose," said Pooh, "that that's why he never understands anything."


-
If you would like to unsubscribe from this mailing list send an email to 
[EMAIL PROTECTED] with the body "unsubscribe newsclipperdevlist 
YOUR_EMAIL_ADDRESS" (without the quotes) or use the form provided at 
http://www.NewsClipper.com/TechSup.htm#MailingList.