Hi everyone, to extend on that Sling POST servlet topic a bit, with a slight rant ;-):
Could we use or extend this feature (SLING-2120) to get rid of the "viral" way that "./" works? The usual problem is that once someone starts to use "./" somewhere, every single parameter (that should be stored as a jcr property) must be prefixed with "./". That also makes roundtripping with JSPs or servlets that read from the repository (or via the sling json servlet) a bit ugly, since you need to be able to handle "./" everywhere. In my experience, 90-100% of a POST request are parameters that should *not* be ignored, and the rest are ":" style anyway. And the basic idea of "./" was to support existing parameters of html forms that can't be changed for some reason, but should not be stored in the repository - this is a very rare case I never encountered, hence it is an unfortunate optimization for the rare case. For example, could we only support "./" if that certain ignore regexp parameter is set (it probably needs some ! boolean to reverse the logic)? Because it's a very rare case that "./" is actually needed, I think in terms of backwards compatibility requiring people to use this new parameter in order to switch could be ok. Regards, Alex On 30.06.11 11:30, "Felix Meschberger (JIRA)" <[email protected]> wrote: > > [ >https://issues.apache.org/jira/browse/SLING-2120?page=com.atlassian.jira.p >lugin.system.issuetabpanels:all-tabpanel ] > >Felix Meschberger resolved SLING-2120. >-------------------------------------- > > Resolution: Fixed > >Implemented support for a new configuration parameter allowing to set a >regular expression pattern for request parameters to ignore in Rev. >1141456. > >> Add functionality to ignore some parameters from POST requests >> -------------------------------------------------------------- >> >> Key: SLING-2120 >> URL: https://issues.apache.org/jira/browse/SLING-2120 >> Project: Sling >> Issue Type: Improvement >> Components: Servlets >> Affects Versions: Servlets Post 2.1.0 >> Reporter: Felix Meschberger >> Assignee: Felix Meschberger >> Fix For: Servlets Post 2.1.2 >> >> >> In certain situations a POST request is accompanied with request >>parameters that are to be ignored. Currently the Sling POST Servlet has >>two mechanisms to handle such parameters: >> - any parameter starting with a colon (:) is ignored, e.g. :operation >> - only parameters starting with "./" are considered if at least one >>parameter has this format >> In certain situations, more parameters might be submitted ending in the >>POST Servlet and then being written to the repository. For example if a >>user tries to authenticated with form based authentication supplying >>j_username and j_password parameters then if the Sling POST Servlet is >>erroneously hit, these values might get written to the repository. >> We should add functionality to specify regular expressions for >>parameters which are to be ignored (apart from the existing mechanism). >>The default would be "j_.*" to ignore any parameters starting with j_ >>generally used for authentication > >-- >This message is automatically generated by JIRA. >For more information on JIRA, see: http://www.atlassian.com/software/jira > > > -- Alexander Klimetschek Developer // Adobe (Day) // Berlin - Basel
