Hi all

I found several errors in mod_rivet. Patches to fix them are attached.

The package DIO doesn't check server connection.
For example, if set in mysql config "wait_timeout = 60", after 1 minute I get the error "server has gone away". [1]

Also in DIO. Multiple fields in "delete" returns sql-query with wrong syntax. For example: db delete [list $var1 $var2] -keyfield [list {var1} {var2}] -table {my_table}. [2]

In the session package, the session data (rivet_session_cache table) needs to be deleted. The SQL query has wrong syntax, and "ON DELETE CASCADE" is available only with the MySQL InnoDB engine. Might it make sense to clean the table through a script? [3]

A small addition. Cookie doesn't support HttpOnly flag. [4]

1. *dio_check_conn.diff*
2. *fix_delete_for_multiple_fields.diff*
3. *delete_session_data.diff*
4. *add_HttpOnly_cookies.diff*

--
Best regards,
Cyril

diff -Naur ./rivet/packages/session/session-class.tcl ../rivet-2.0.4/rivet/packages/session/session-class.tcl
--- ./rivet/packages/session/session-class.tcl	2006-06-07 11:51:20.000000000 +0400
+++ ../rivet-2.0.4/rivet/packages/session/session-class.tcl	2012-05-09 20:57:13.708584701 +0400
@@ -87,6 +87,9 @@
     # specifies whether cookies should only be sent over secure connections
     public variable cookieSecure 0
 
+    # specifies whether cookies should only be sent over http connections
+    public variable cookieHttpOnly 0
+
     # the name of the table that session info will be stored in
     public variable sessionTable "rivet_session"
 
@@ -192,7 +195,8 @@
 	cookie set $cookieName $value \
 	    -path $cookiePath \
 	    -minutes $cookieLifetime \
-	    -secure $cookieSecure
+	    -secure $cookieSecure \
+	    -HttpOnly $cookieHttpOnly
     }
 
     #
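Review bot: The `-HttpOnly $cookieHttpOnly` argument passes a value that the first hunk of this file defaults to 0, so the session cookie stays readable from page scripts unless every site opts in. For a session identifier the safer default is `public variable cookieHttpOnly 1`, provided no deployed page reads the cookie from script. The comment added with the variable is also inaccurate, since HttpOnly hides the cookie from client-side script rather than restricting it to HTTP connections; I would write `# specifies whether the cookie is hidden from client-side scripts (HttpOnly attribute)`. The enclosing method begins outside this hunk.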
diff -Naur ./rivet/rivet-tcl/cookie.tcl ../rivet-2.0.4/rivet/rivet-tcl/cookie.tcl
--- ./rivet/rivet-tcl/cookie.tcl	2005-09-26 03:50:18.000000000 +0400
+++ ../rivet-2.0.4/rivet/rivet-tcl/cookie.tcl	2012-05-09 23:03:12.048588367 +0400
@@ -55,6 +55,9 @@
     if { [info exists params(secure)] && $params(secure) == 1} {
         append cookieParams "; secure"
     }
+    if { [info exists params(HttpOnly)] && $params(HttpOnly)} {
+        append cookieParams "; HttpOnly"
+    }
 
     return $cookieParams
 }
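Review bot: The new test evaluates `$params(HttpOnly)` directly as a boolean, whereas the `secure` check just above compares with 1, so a value that is not a valid Tcl boolean makes the `if` raise an error instead of simply omitting the attribute. A stricter guard would be `if { [info exists params(HttpOnly)] && [string is true -strict $params(HttpOnly)] } {`. The mixed-case option name also differs from the lowercase `-path`, `-minutes` and `-secure` used at the call site in session-class.tcl, so `-httponly` would be more consistent. The procedure begins outside this hunk.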
diff -Naur ./rivet/packages/session/session-create-mysql.sql ../rivet-2.0.4/rivet/packages/session/session-create-mysql.sql
--- ./rivet/packages/session/session-create-mysql.sql	2006-06-07 11:51:20.000000000 +0400
+++ ../rivet-2.0.4/rivet/packages/session/session-create-mysql.sql	2012-05-10 16:12:05.190368584 +0400
@@ -13,17 +13,18 @@
     session_update_time	datetime    default NULL,
     session_id		varchar(64) NOT NULL default '',
     PRIMARY KEY	(session_id)
-); 
+) ENGINE=INNODB; 
 
 DROP TABLE IF EXISTS `rivet_session_cache`;
 create table rivet_session_cache(
-    session_id		varchar(128)	default NULL REFERENCES rivet_session(session_id) ON DELETE CASCADE,
+    session_id		varchar(128)	default NULL,
     package_		varchar(64)	default NULL,
     key_		varchar(128)	default NULL,
     data                varchar(255)	default NULL,
 
     UNIQUE KEY riv_sess_cache_ix( session_id, key_ ),
-    KEY rivet_session_cache_idx (session_id)
-);
+    KEY rivet_session_cache_idx (session_id),
+    FOREIGN KEY (session_id) REFERENCES rivet_session(session_id) ON DELETE CASCADE
+) ENGINE=INNODB;
 -- create index rivet_session_cache_idx ON rivet_session_cache( session_id );
 
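Review bot: The child column `rivet_session_cache.session_id` is still `varchar(128) default NULL` while the parent key is `varchar(64) NOT NULL`, so cache rows with a NULL session_id fall outside the new foreign key and are never removed by `ON DELETE CASCADE`. If nothing inserts NULL there, declaring it as `session_id varchar(64) NOT NULL,` closes that gap and keeps stale session data from outliving its session. Existing installations are not converted by this script except by dropping the table, so a short comment pointing at `ALTER TABLE ... ENGINE=INNODB` as the migration path would help. The `rivet_session` definition starts outside the hunk.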
diff -Naur ./rivet/packages/dio/dio_Mysql.tcl ../rivet-2.0.4/rivet/packages/dio/dio_Mysql.tcl
--- ./rivet/packages/dio/dio_Mysql.tcl	2008-01-08 20:10:41.000000000 +0300
+++ ../rivet-2.0.4/rivet/packages/dio/dio_Mysql.tcl	2012-05-09 23:44:37.238589571 +0400
@@ -64,7 +64,7 @@
 	}
 
 	method exec {req} {
-	    if {![info exists conn]} { open }
+	    if {![info exists conn] || ![mysqlping $conn]} { open }
 
 	    set cmd mysqlexec
 #
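Review bot: When `mysqlping` reports a dead connection, `open` is called while `conn` still holds the stale handle, and nothing visible closes it, so each server timeout may leak a handle if `open` just overwrites `conn` (its body is outside the hunk). Releasing it first would avoid that: `if {[info exists conn] && ![mysqlping $conn]} { catch {mysqlclose $conn}; unset conn }`. The same guard is repeated in the `lastkey`, `handle` and `db` hunks that follow, so a single private helper would keep the four call sites in step. A silent reconnect also discards any open transaction and session-level state, which deserves a comment here. The ping adds a round trip to every `exec`.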
@@ -89,7 +89,7 @@
 	}
 
 	method lastkey {} {
-	    if {![info exists conn]} { return }
+	    if {![info exists conn] || ![mysqlping $conn]} { return }
 	    return [mysqlinsertid $conn]
 	}
 
@@ -107,7 +107,7 @@
 	}
 
 	method handle {} {
-	    if {![info exists conn]} { open }
+	    if {![info exists conn] || ![mysqlping $conn]} { open }
 
 	    return $conn
 	}
@@ -158,7 +158,7 @@
 	}
 
 	public variable db "" {
-	    if {[info exists conn]} {
+	    if {[info exists conn] && [mysqlping $conn]} {
 		mysqluse $conn $db
 	    }
 	}
diff -Naur ./rivet/packages/dio/dio.tcl ../rivet-2.0.4/rivet/packages/dio/dio.tcl
--- ./rivet/packages/dio/dio.tcl	2008-01-08 20:10:41.000000000 +0300
+++ ../rivet-2.0.4/rivet/packages/dio/dio.tcl	2012-05-09 23:49:44.158589721 +0400
@@ -235,13 +235,13 @@
 	## If we're not using multiple keyfields, just return a simple
 	## where clause.
 	if {[llength $myKeyfield] < 2} {
-	    return " WHERE $myKeyfield = [makeDBFieldValue $table $myKeyfield $myKey]"
+	    return " WHERE `${myKeyfield}` = [makeDBFieldValue $table $myKeyfield $myKey]"
 	}
 
 	# multiple fields, construct it as a where-and
 	set req " WHERE 1 = 1"
 	foreach field $myKeyfield key $myKey {
-	    append req " AND $field=[makeDBFieldValue $table $field $key]"
+	    append req " AND `${field}` = [makeDBFieldValue $table $field $key]"
 	}
 	return $req
     }
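Review bot: The backtick quoting added to the two WHERE builders is MySQL syntax, but dio.tcl appears to be the backend-independent base (the MySQL code sits in dio_Mysql.tcl), so other DIO backends would likely reject the generated statement. The `delete` hunk below has the same issue with the quoted `${myTable}`. The quoting also does not double a backtick embedded in the name, so it gives no protection if a field or table name ever comes from request data. I would move identifier quoting into a small method that each backend overrides, with the MySQL one doubling embedded backticks and the base one returning the name unchanged. The enclosing method starts outside the hunk.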
@@ -547,7 +547,7 @@
     #
     method delete {key args} {
 	table_check $args
-	set req "delete from $myTable"
+	set req "delete from `${myTable}`"
 	append req [build_key_where_clause $myKeyfield $key]
 
 	set res [exec $req]
