I'm planning to release a 2.0.4 with the few bugfixes
I did, the extended manual with new pages for previously
undocumented commands and the new makeurl command, which
should be 100% compatible, being the support for a
relative URI a simple extension of what the command did
before.

I wonder whether the new load_env and load_headers
commands fit a bugfix release or they ought to
be put off for a 2.1.0 release. I personally favor
to release them right away.

Basically the new commands enable the programmer to
create arrays in a procedure's local scope.

Their argument default value (an array name) has been
fully qualified in order to make it reside in the
::request namespace, which is wiped out before every
request is processed. So, no big deal if they are called
from within a procedure, the net effect will be the same.

As a matter of fact, the new commands are fixing a
possible security weakness: so far calling load_env and
load_headers from a pure Tcl script with default
arguments would force the 'env' and 'headers' arrays
to be created in the global namespace because that's
a .tcl file default scope.
This implies these arrays won't be deleted across
subsequent requests, leaving open in principle the
chance to read environment variables
set in other contexts. Page manuals about these
commands should stress this point in order to
make the programmer aware of the possible pitfalls of
forcing the data to be scoped in the global namespace.

comments?

 -- Massimo





---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscr...@tcl.apache.org
For additional commands, e-mail: rivet-dev-h...@tcl.apache.org

Reply via email to