>
> So - this looks identical to the "vanilla" example (VIRTUAL_URL,

ACTUAL_URL, URL). Does this configuration work as expected?

Yes.

In your case, PATH_INFO is /a/b/c/d/@@testing. I would've expected it to

be /example/a/b/c/d/@@testing, as it is in the first two examples.

exactly

perhaps repoze.zope2 has special handling for the case where

repoze.vhm.virtual_root is set and prefixes that to PATH_INFO when it

decides what to traverse to? That seems wrong But then, it's set in the

vhm_path case too. It is possible that z2bob is doing that prefixing,

and we're seeing a traversal like /example/example/a/b/c/d/@@testing,

which would work because of acquisition, possibly.

I assumed it was just acquisition trickery. Looking more closely, z2bob.py
uses the repoze.vhm.virtual_root via the getVirtualRoot in the
repoze.vhm.utils package to get the virtual root and it seems to create the
correct path for traversal regardless of the issue. Just some small things
are off, like content actions and I just noticed that related items don't
show also.

I'd try to construct a test case for repoze.vhm that illustrates this.

I think you were right that the problem is here:

virtual_url_parts += real_path[len(vroot_path):]

This is kind of why I said earlier that the tests weren't actually testing
it correctly. We should already be testing for this, it's just that the
existing tests expect wrong results. The test assumes the PATH_INFO does NOT
change after the filter application which is wrong.

If PATH_INFO is how it decides on what object to traverse to, then we should
be explicitly setting it in the xheader filter like is done in the xpath
filter. For instance, the only change needed is that the filter should look
like this,

Index: repoze/vhm/middleware.py

===================================================================

--- repoze/vhm/middleware.py (revision 7747)

+++ repoze/vhm/middleware.py (working copy)

@@ -85,6 +85,7 @@

     def __call__(self, environ, start_response):

         host_header = environ.get('HTTP_X_VHM_HOST')

         root_header = environ.get('HTTP_X_VHM_ROOT')

+        environ['PATH_INFO'] = root_header + environ['PATH_INFO']

         munge(environ, host_header, root_header)

         return self.application(environ, start_response)


along with the tests being fixed.

I'm sorry if I made this a bigger deal than it really is--seems like a
simple fix. I've been strapped for time and I'm just trying to do what I
can...

Let me know what you think.



Thanks,
Nathan

On Wed, Dec 30, 2009 at 7:06 AM, Martin Aspeli
<optilude+li...@gmail.com<optilude%2bli...@gmail.com>
> wrote:

> Nathan Van Gheem wrote:
> > Thanks for the feedback on this. I've set up some tests that I
> > think illustrate what is going on pretty well.
>
>  >> We can get you svn access for sure. :)
> > How can I go about getting that?
>
> Email Chris McDonough. At least that's what I did. ;)
>
> > Here are the test results..
> >
> > I've included the apache configuration in there just so you can see what
> > I'm up to.
> >
> >     Results
> >
> >     =======
> >
> >
> >     all requests coming on http://example.com:8888/a/b/c/d/@@testing
> >
> >
> >     Not using wsgi and virtual host monster
> >
> >     ---------------------------------------
> >
> >
> >     <VirtualHost *:8888>
> >
> >          ServerName example.com <http://example.com>
> >
> >          ServerAlias example.com <http://example.com>
> >
> >
> >          RewriteEngine On
> >
> >
> >          RewriteRule ^/(.*)
> >
> http://127.0.0.1:8499/VirtualHostBase/http/example.com:8888/example/VirtualHostRoot/$1
> >     [L,P]
> >
> >     </VirtualHost>
> >
> >
> >
> >     VIRTUAL_URL = http://example.com:8888/a/b/c/d/@@testing
> >
> >     PATH_INFO =
> >     /VirtualHostBase/http/
> example.com:8888/example/VirtualHostRoot/a/b/c/d/@@testing
> >     <http://example.com:8888/example/VirtualHostRoot/a/b/c/d/@@testing>
> >
> >     ACTUAL_URL = http://example.com:8888/a/b/c/d/@@testing
> >
> >     URL = http://example.com:8888/a/b/c/d/@@testing
> >
> >     SCRIPT_NAME =
> >
> >     repoze.vhm.virtual_root =
> >
> >     repoze.vhm.virtual_url =
> >
> >     repoze.vhm.virtual_host_base =
> >
> >     HTTP_X_VHM_HOST =
> >
> >     HTTP_X_VHM_ROOT =
> >
> >
> >
> >
> >     Using wsgi with vhm_path
> >
> >     ------------------------
> >
> >     VIRTUAL_URL = http://example.com:8888/a/b/c/d/@@testing
> >
> >     PATH_INFO = /example/a/b/c/d/@@testing
> >
> >     ACTUAL_URL = http://example.com:8888/a/b/c/d/@@testing
> >
> >     URL = http://example.com:8888/a/b/c/d/@@testing
> >
> >     SCRIPT_NAME =
> >
> >     repoze.vhm.virtual_root = /example
> >
> >     repoze.vhm.virtual_url = http://example.com:8888/a/b/c/d/@@testing
> >
> >     repoze.vhm.virtual_host_base = example.com:8888
> >     <http://example.com:8888>
> >
> >     HTTP_X_VHM_HOST =
> >
> >     HTTP_X_VHM_ROOT =
>
> So - this looks identical to the "vanilla" example (VIRTUAL_URL,
> ACTUAL_URL, URL). Does this configuration work as expected?
>
> >     Using wsgi with vhm_xheaders
> >
> >     ----------------------------
> >
> >     <VirtualHost *:8888>
> >
> >          ServerName example.com <http://example.com>
> >
> >          ServerAlias example.com <http://example.com>
> >
> >
> >          RewriteEngine On
> >
> >
> >          RewriteRule ^/(.*) http://127.0.0.1:8499/$1 [P,L]
> >
> >          RequestHeader add X-Vhm-Host http://example.com:8888
> >
> >          RequestHeader add X-Vhm-Root /example
> >
> >     </VirtualHost>
> >
> >
> >     VIRTUAL_URL = http://example.com:8888/b/c/d/@@testing
> >
> >     PATH_INFO = /a/b/c/d/@@testing
> >
> >     ACTUAL_URL = http://example.com:8888/b/c/d/@@testing
> >
> >     URL = http://example.com:8888/a/b/c/d/@@testing
> >
> >     SCRIPT_NAME =
> >
> >     repoze.vhm.virtual_root = /example
> >
> >     repoze.vhm.virtual_url = http://example.com:8888/b/c/d/@@testing
> >
> >     repoze.vhm.virtual_host_base = example.com:8888
> >     <http://example.com:8888>
> >
> >     HTTP_X_VHM_HOST = http://example.com:8888
> >
> >     HTTP_X_VHM_ROOT = /example
> >
> >
> > It does seem like we have a problem here as its chopping off the first
> > part of the path with the xheaders setup. I'm surprised that the site
> > works as well as it does with this kind of issue.
>
> That suggests that the number of elements chopped up is the same as the
> number of elements in X-VHM-Root. So, there is probably a bug in this
> scenario when:
>
>  - repoze.vhm.virtual_url/VIRTUAL_URL/ACTUAL_URL is being set, and:
>  - we have a repoze.vhm.virtual_root
>
> I'd try to construct a test case for repoze.vhm that illustrates this.
>
> I think you were right that the problem is here:
>
>    virtual_url_parts += real_path[len(vroot_path):]
>
> vroot_path is a list of the elements in the path given by X-VHM-Root, so
> that's where it's chopping off. real_path is a list of the elements in
> PATH_INFO.
>
> This still looks fishy, though. PATH_INFO, as far as I recall, needs to
> contain the full path, from the Zope root. This is what repoze.zope2's
> z2bob is using to traverse (I think...). That code clearly assumes this
> is the case, and so lops off the prefix which should be hidden to the user.
>
> In your case, PATH_INFO is /a/b/c/d/@@testing. I would've expected it to
> be /example/a/b/c/d/@@testing, as it is in the first two examples.
>
> Perhaps repoze.zope2 has special handling for the case where
> repoze.vhm.virtual_root is set and prefixes that to PATH_INFO when it
> decides what to traverse to? That seems wrong But then, it's set in the
> vhm_path case too. It is possible that z2bob is doing that prefixing,
> and we're seeing a traversal like /example/example/a/b/c/d/@@testing,
> which would work because of acquisition, possibly.
>
> Martin
>
> --
> Author of `Professional Plone Development`, a book for developers who
> want to work with Plone. See http://martinaspeli.net/plone-book
>
> _______________________________________________
> Repoze-dev mailing list
> Repoze-dev@lists.repoze.org
> http://lists.repoze.org/listinfo/repoze-dev
>
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev

Reply via email to