On Tue, Sep 22, 2009 at 1:21 PM, DrunkenMonk <[email protected]> wrote:
>> One day I'd like a simple plugin to move the "pages"
>> back end to a database. It's set up for it architecturally, just need
>> to hammer out the code.
>
> give me 5 minutes... Actually no, I'd have to decide what to do about
> the whole folders thing. Dum di dum...
Just ignore it. You don't really need that in a database I wouldn't
think. It's helpful for searching and the like in a file system. Or
on the other hand why not have your page name indexes something like
test/some.page?
> I'm prone to disagree with your statement. To truly be set up
> architecturally to be page storage independant, the code explicitly
> handling file access (file_exists, and fread) should be independantly
> extendable.
>
> if( function_exists('myBOLTreadpage') ) $contents = myBOLTreadpage
> ($location);
> else $contents = BOLTreadpage($location);
> if( $contents === NULL ) return '';
Here's the critical lines, you should be able to use in BOLTloadpage
and BOLTsavepage:
if (function_exists('myBOLTloadpage')) return myBOLTloadpage($page,
$dir, $data, $auth);
if (function_exists('myBOLTsavepage')) return myBOLTsavepage($page,
$newcontent, $newdata, $enableconflict, $indexing);
You got all the information you need. Just copy over the core
functions and customize the page read/write sections as needed.
> Of course, the page store is largely superfluous, and this doesn't
> jack into searches now that mysql can handle groups and searching
> faster than php...
You are right... I need to add a hook in the BOLTexists function.
Not sure about searching and indexing... I assume they use the
loadpage/savepage functions, so it should work ok... Not tested...
>> I might suggest a more parameterized breakdown. Something like:
>>
>> <(mysql insert field=title value="{:title}" db=tablename)>
>
> This was my first thought. I assumed it would let me control access
> better, have seperate auths for insert, select, drop table, etc.
> It fails when you realize how many possible parameters there are in
> mysql. So I changed it to use the php command "mysql_query" and let
> security be based on which mysql user is used. This prevents me from
> reinventing the wheel, among many other things. The mysql querys are
> kept close to the final product, and as I've said in other posts,
> google showed me a method that escapes parametrised, potentially
> dangerous code, in a nice way: any code that could ever come from
> someone other than you should be an "insert".
You are right. A big job. And more complex than necessary.
>> Then depending on the $args[1], in this case "insert" you check all
>> the parameters and construct your query.
>
> The java-like parametrized query seemed simpler. It works really well,
> and as long as I get past boltwires quotation needs, everything is
> correctly escaped.
Great. I think we are getting there. Wish I could be working more
closely with you on this. It's an interesting area I'd like to learn
more about. Looking forward to seeing your work.
>> I think you would have fewer
>> problems. Of course this doesn't solve the problem of what if " is in
>> the "{:title}". I don't see any way around that... There's no way
>> BoltWire can tell which ' to escape and which not to.
>
> Well... it could. You could escape inserted code in certain ways. '
> coming from {?inserts} are prepended by a \0, treat them differently
> in the regexps... . Keeps text-replacements bounded in php objects and
> implode the final output only at the end. There are ways.
> I think the easiest non-buggy way would involve generating boltwires
> parsing with a parser generator...
>
> Not without rebuilding the engine from near - scratch though. 4.0?
> 5.0?
Let's see how far we can get with tweaking our existing system. It
runs pretty well usually, and I'm more for making it smarter and
simpler than bringing in extra code I don't really understand or can
work with myself. We will need several big ideas to justify a 4.xx
release. Unless we just get up into the 3.80's or 3.90's. In that case
4.0 will come soon enough!
Cheers,
Dan
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"BoltWire" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/boltwire?hl=en
-~----------~----~----~----~------~----~------~--~---
