some comments and changes for the previous commit

This commit is contained in:
lars 2006-09-06 13:13:17 +00:00
parent 7f9c736116
commit 0835144ad1
3 changed files with 10 additions and 6 deletions

View File

@ -13,6 +13,7 @@ class CryptoBoxWebserverSettings:
## RFC: arbitrarily importing all available keys does not sound very secure [l]
## RFC: settings with the same names in different sections (Log, Main, ...) will collide silently - right? [l]
## yep, we'll have to divide between settings for clearsilver and settings we need for other webstuff [a]
## I think it would be better to expose only the necessary settings (manually - not just everything) [l]
for key in self.cbxPrefs["WebSettings"].keys():
website.settings["Settings."+key] = self.cbxPrefs["WebSettings"][key]
## also all Log values

View File

@ -48,6 +48,7 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
'''
# RFC: this dictionary is not sufficient for arbitrary text inputs (e.g.: names) or numbers [l]
# what way would we sanizite such input? just exclude forbidden elements? [a]
# I would prefer a seperate function for each possible setting [l]
niceparams = {
'weblang': ["Settings.Language", self.settings["Settings.AvailableLanguages"]],
'loglevel': ["Log.Level", ('','info', 'warn', 'debug', 'error')],
@ -64,6 +65,7 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
if evilparams[nicekey] and evilparams[nicekey] in niceparams[nicekey][1]:
# RFC: isn't "self.settings" a non-obvious name for user input? [l]
# self.settings is used by clearsilver [a]
# yes, but why should clearsilver have access to the user input? [l]
self.settings[niceparams[nicekey][0]] = evilparams[nicekey]
#self.log.warn(niceparams[nicekey][0])
#self.log.warn(evilparams[nicekey])
@ -156,8 +158,9 @@ class CryptoBoxWebserverSites(CryptoBox.CryptoBoxProps, CryptoBoxWebserverSettin
self.settings["Data.Error"] = "NoDocumentation"
# TODO: what should be done, if there is an error?
# do you mean this is not an error? [a]
# it is, but the current action is still "show_doc" - despite the error - maybe "blank" would be better? [l]
## set doclang to weblang, otherwise the default weblang from the config will be used for doclang
elif self.settings["Settings.Language"] in ["Settings.AvailableDocLanguages"]:
elif self.settings["Settings.Language"] in self.settings["Settings.AvailableDocLanguages"]:
self.settings["Settings.DocLang"] = self.settings["Settings.Language"]
# TODO: missing 'else'?

View File

@ -29,7 +29,7 @@ WIKI_HOST="https://systemausfall.org"
# the trailing slash is important
WIKI_URL=/trac/cryptobox/wiki/
CBOX_CGI="?page="
CBOX_CGI="/doc?page="
LANGUAGES="de en"