This is really great.  Thanks for all your work.  I think the load_env and 
load_headers scoping are smart and I favor putting them in.

On Sep 18, 2011, at 11:51 AM, Massimo Manghi wrote:

> I'm planning to release a 2.0.4 with the few bugfixes
> I did, the extended manual with new pages for previously
> undocumented commands and the new makeurl command, which
> should be 100% compatible, being the support for a
> relative URI a simple extension of what the command did
> before.
> 
> I wonder whether the new load_env and load_headers
> commands fit a bugfix release or they ought to
> be put off for a 2.1.0 release. I personally favor
> releasing them right away.
> 
> Basically the new commands enable the programmer to
> create arrays in a procedure's local scope.
> 
> Their argument default value (an array name) has been
> fully qualified in order to make it reside in the
> ::request namespace, which is wiped out before every
> request is processed. So, no big deal if they are called
> from within a procedure, the net effect will be the same.
> 
> As a matter of fact, the new commands are fixing a
> possible security weakness: so far calling load_env and
> load_headers from a pure Tcl script with default
> arguments would force the 'env' and 'headers' arrays
> to be created in the global namespace because that's
> a .tcl file default scope.
> This implies these arrays won't be deleted across
> subsequent requests, leaving open in principle the
> chance to read environment variables
> set in other contexts. Manual pages about these
> commands should stress this point in order to
> make the programmer aware of the possible pitfalls of
> forcing the data to be scoped in the global namespace.
> 
> comments?
> 
> -- Massimo
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: rivet-dev-unsubscr...@tcl.apache.org
> For additional commands, e-mail: rivet-dev-h...@tcl.apache.org
> 


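The scoping difference discussed in this thread, as an added simulation in plain Tcl; it is not code from the thread or from Rivet. The names sim_load_headers, handle_request and sim_request are hypothetical stand-ins, the requests are constructed, and the stand-in merges into the target array with `array set`, which is an assumption about how stale entries survive.

```tcl
# Simulation in plain Tcl (tclsh); sim_load_headers and handle_request are
# hypothetical stand-ins, not Rivet commands. "headers" is used rather than
# "env" because ::env is Tcl's own process-environment array.

# Fills the named array from the current (constructed) request. The default
# name is fully qualified, as in the new commands; an unqualified name is
# resolved in the caller's scope, as with the old default.
proc sim_load_headers {{arrayName ::request::headers}} {
    upvar 1 $arrayName arr
    array set arr $::sim_request
}

# Wipes ::request before each request, then runs the page script at global
# level, which is the default scope of a pure .tcl script.
proc handle_request {reqHeaders script} {
    if {[namespace exists ::request]} { namespace delete ::request }
    namespace eval ::request {}
    set ::sim_request $reqHeaders
    return [uplevel #0 $script]
}

# Each script loads the headers and reports which keys it can see.
set old_style { sim_load_headers headers; lsort [array names headers] }
set new_style { sim_load_headers; lsort [array names ::request::headers] }

# Constructed requests: only the first one carries credentials.
set req1 {Authorization {Bearer constructed-token} Host a.example}
set req2 {Host b.example}

foreach {label script} [list old $old_style new $new_style] {
    handle_request $req1 $script
    puts "$label, second request sees: [handle_request $req2 $script]"
}
```

Run with tclsh: the old-style line lists Authorization on the second request although that request never sent it, while the new-style line lists only Host.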