I'm planning to release a 2.0.4 with the few bugfixes I did, the extended manual with new pages for previously undocumented commands and the new makeurl command, which should be 100% compatible, being the support for a relative URI a simple extension of what the command did before.
I wonder whether the new load_env and load_headers commands fit a bugfix release or they ought to be put off for a 2.1.0 release. I personally favor to release them right away. Basically the new commands enable the programmer to create arrays in a procedure's local scope. Their argument default value (an array name) has been fully qualified in order to make it reside in the ::request namespace, which is wiped out before every request is processed. So, no big deal if they are called from within a procedure, the net effect will be the same. As a matter of fact, the new commands are fixing a possible security weakness: so far calling load_env and load_headers from a pure Tcl script with default arguments would force the 'env' and 'headers' arrays to be created in the global namespace because that's a .tcl file default scope. This implies these arrays won't be deleted across subsequent requests, leaving open in principle the chance to read environment variables set in other contexts. Page manuals about these commands should stress this point in order to make the programmer aware of the possible pitfalls of forcing the data to be scoped in the global namespace. comments? -- Massimo --------------------------------------------------------------------- To unsubscribe, e-mail: rivet-dev-unsubscr...@tcl.apache.org For additional commands, e-mail: rivet-dev-h...@tcl.apache.org