diff options
Diffstat (limited to 'qooxdoo/source/perl/CGI/Session')
18 files changed, 0 insertions, 2616 deletions
diff --git a/qooxdoo/source/perl/CGI/Session/Driver.pm b/qooxdoo/source/perl/CGI/Session/Driver.pm deleted file mode 100644 index 4f4b892..0000000 --- a/qooxdoo/source/perl/CGI/Session/Driver.pm +++ /dev/null @@ -1,202 +0,0 @@ -package CGI::Session::Driver; - -# $Id: Driver.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; -#use diagnostics; - -use Carp; -use CGI::Session::ErrorHandler; - -$CGI::Session::Driver::VERSION = "4.20"; -@CGI::Session::Driver::ISA = qw(CGI::Session::ErrorHandler); - -sub new { - my $class = shift; - my $args = shift || {}; - - unless ( ref $args ) { - croak "$class->new(): Invalid argument type passed to driver"; - } - - # perform a shallow copy of $args, to prevent modification - my $self = bless ({%$args}, $class); - return $self if $self->init(); - return $self->set_error( "%s->init() returned false", $class); -} - -sub init { 1 } - -sub retrieve { - croak "retrieve(): " . ref($_[0]) . " failed to implement this method!"; -} - -sub store { - croak "store(): " . ref($_[0]) . " failed to implement this method!"; -} - -sub remove { - croak "remove(): " . ref($_[0]) . " failed to implement this method!"; -} - -sub traverse { - croak "traverse(): " . ref($_[0]) . " failed to implement this method!"; -} - -sub dump { - require Data::Dumper; - my $d = Data::Dumper->new([$_[0]], [ref $_[0]]); - return $d->Dump; -} - - -1; - -__END__; - -=pod - -=head1 NAME - -CGI::Session::Driver - CGI::Session driver specifications - -=head1 WARNING - -Version 4.0 of CGI::Session's driver specification is B<NOT> backward compatible with previous specification. If you already have a driver developed to work with the previous version you're highly encouraged to upgrade your driver code to make it compatible with the current version. Fortunately, current driver specs are a lot easier to adapt to. - -If you need any help converting your driver to meet current specs, send me an e-mail. For support information see -L<CGI::Session|CGI::Session> - -=head1 SYNOPSIS - - require CGI::Session::Driver; - @ISA = qw( CGI::Session::Driver ); - -=head1 DESCRIPTION - -CGI::Session::Driver is a base class for all CGI::Session's native drivers. It also documents driver specifications for those willing to write drivers for different databases not currently supported by CGI::Session. - -=head1 WHAT IS A DRIVER - -Driver is a piece of code that helps CGI::Session library to talk to specific database engines, or storage mechanisms. To be more precise, driver is a F<.pm> file that inherits from CGI::Session::Driver and defines L<retrieve()|/"retrieve($self, $sid)">, L<store()|/"store($self, $sid, $datastr)"> and L<remove()|/"remove($self, $sid)"> methods. - -=head2 BLUEPRINT - -The best way of learning the specs is to look at a blueprint of a driver: - - package CGI::Session::Driver::your_driver_name; - use strict; - use base qw( CGI::Session::Driver CGI::Session::ErrorHandler ); - - sub init { - my ($self) = @_; - # optional - } - - sub DESTROY { - my ($self) = @_; - # optional - } - - sub store { - my ($self, $sid, $datastr) = @_; - # Store $datastr, which is an already serialized string of data. - } - - sub retrieve { - my ($self, $sid) = @_; - # Return $datastr, which was previously stored using above store() method. - # Return $datastr if $sid was found. Return 0 or "" if $sid doesn't exist - } - - sub remove { - my ($self, $sid) = @_; - # Remove storage associated with $sid. Return any true value indicating success, - # or undef on failure. - } - - sub traverse { - my ($self, $coderef) = @_; - # execute $coderef for each session id passing session id as the first and the only - # argument - } - - 1; - -All the attributes passed as the second argument to CGI::Session's new() or load() methods will automatically -be made driver's object attributes. For example, if session object was initialized as following: - - $s = CGI::Session->new("driver:your_driver_name", undef, {Directory=>'/tmp/sessions'}); - -You can access value of 'Directory' from within your driver like so: - - sub store { - my ($self, $sid, $datastr) = @_; - my $dir = $self->{Directory}; # <-- in this example will be '/tmp/sessions' - } - -Optionally, you can define C<init()> method within your driver to do driver specific global initialization. C<init()> method will be invoked only once during the lifecycle of your driver, which is the same as the lifecycle of a session object. - -For examples of C<init()> look into the source code of native CGI::Session drivers. - -=head1 METHODS - -This section lists and describes all driver methods. All the driver methods will receive driver object ($self) as the first argument. Methods that pertain to an individual session (such as C<retrieve()>, C<store()> and C<remove()>) will also receive session id ($sid) as the second argument. - -Following list describes every driver method, including its argument list and what step of session's life they will be invoked. Understanding this may help driver authors. - -=over 4 - -=item retrieve($self, $sid) - -Called whenever a specific session is requested either via C<< CGI::Session->new() >> or C<< CGI::Session->load() >> syntax. Method should try to retrieve data associated with C< $sid > and return it. In case no data could be retrieved for C< $sid > 0 (zero) or "" should be returned. undef must be returned only to signal error. Error message should be set via set_error(), which can be inherited from L<CGI::Session::ErrorHandler|CGI::Session::ErrorHandler>. - -Tip: set_error() always returns undef. Use it for your advantage. - -=item store($self, $sid, $datastr) - -Called whenever modified session data is to be stored back to disk. This happens whenever CGI::Session->flush() is called on modified session. Since CGI::Session->DESTROY() calls flush(), store() gets requested each time session object is to be terminated. - -C< store() > is called both to store new sessions and to update already stored sessions. It's driver author's job to figure out which operation needs to be performed. - -$datastr, which is passed as the third argument to represents B<already serialized> session data that needs to be saved. - -store() can return any true value indicating success or undef on failure. Error message should be passed to set_error() - -=item remove($self, $sid) - -Called whenever session data is to be deleted, which is when CGI::Session->delete() is called. Should return any true value indicating success, undef on failure. Error message should be logged in set_error(). - -=item traverse($self, \&coderef) - -Called only from within CGI::Session->find(). Job of traverse() is to call \&coderef for every single session stored in disk passing session's id as the first and only argument: C<< $coderef->( $sid ) >> - -=item init($self) - -Optional. Called whenever driver object is to be initialized, which happens only once during the lifecycle of CGI::Session object. Here you can do driver-wide initialization, such as to open connection to a database server. - -=item DESTROY($self) - -Optional. Perl automatically calls this method on objects just before they are to be terminated. This gives your driver chance to close any database connections or close any open file handles. - -=back - -=head2 NOTES - -=over 4 - -=item * - -All driver F<.pm> files must be lowercase! - -=item * - -DBI-related drivers are better off using L<CGI::Session::Driver::DBI|CGI::Session::Driver::DBI> as base, but don't have to. - -=back - -=head1 LICENSING - -For support and licensing see L<CGI::Session|CGI::Session>. - -=cut diff --git a/qooxdoo/source/perl/CGI/Session/Driver/DBI.pm b/qooxdoo/source/perl/CGI/Session/Driver/DBI.pm deleted file mode 100644 index 413be99..0000000 --- a/qooxdoo/source/perl/CGI/Session/Driver/DBI.pm +++ /dev/null @@ -1,236 +0,0 @@ -package CGI::Session::Driver::DBI; - -# $Id: DBI.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; - -use DBI; -use Carp; -use CGI::Session::Driver; - -@CGI::Session::Driver::DBI::ISA = ( "CGI::Session::Driver" ); -$CGI::Session::Driver::DBI::VERSION = "4.20"; - - -sub init { - my $self = shift; - if ( defined $self->{Handle} ) { - if (ref $self->{Handle} eq 'CODE') { - $self->{Handle} = $self->{Handle}->(); - } - else { - # We assume the handle is working, and there is nothing to do. - } - } - else { - $self->{Handle} = DBI->connect( - $self->{DataSource}, $self->{User}, $self->{Password}, - { RaiseError=>1, PrintError=>1, AutoCommit=>1 } - ); - unless ( $self->{Handle} ) { - return $self->set_error( "init(): couldn't connect to database: " . DBI->errstr ); - } - $self->{_disconnect} = 1; - } - return 1; -} - -# A setter/accessor method for the table name, defaulting to 'sessions' - -sub table_name { - my $self = shift; - my $class = ref( $self ) || $self; - - if ( (@_ == 0) && ref($self) && ($self->{TableName}) ) { - return $self->{TableName}; - } - - no strict 'refs'; - if ( @_ ) { - my $new_name = shift; - $self->{TableName} = $new_name; - ${ $class . "::TABLE_NAME" } = $new_name; - } - - unless (defined $self->{TableName}) { - $self->{TableName} = "sessions"; - } - - return $self->{TableName}; -} - - -sub retrieve { - my $self = shift; - my ($sid) = @_; - croak "retrieve(): usage error" unless $sid; - - - my $dbh = $self->{Handle}; - my $sth = $dbh->prepare_cached("SELECT a_session FROM " . $self->table_name . " WHERE id=?", undef, 3); - unless ( $sth ) { - return $self->set_error( "retrieve(): DBI->prepare failed with error message " . $dbh->errstr ); - } - $sth->execute( $sid ) or return $self->set_error( "retrieve(): \$sth->execute failed with error message " . $sth->errstr); - - my ($row) = $sth->fetchrow_array(); - return 0 unless $row; - return $row; -} - - -sub store { -# die; - my $self = shift; - my ($sid, $datastr) = @_; - croak "store(): usage error" unless $sid && $datastr; - - - my $dbh = $self->{Handle}; - my $sth = $dbh->prepare_cached("SELECT id FROM " . $self->table_name . " WHERE id=?", undef, 3); - unless ( defined $sth ) { - return $self->set_error( "store(): \$dbh->prepare failed with message " . $sth->errstr ); - } - - $sth->execute( $sid ) or return $self->set_error( "store(): \$sth->execute failed with message " . $sth->errstr ); - my $action_sth; - if ( $sth->fetchrow_array ) { - $action_sth = $dbh->prepare_cached("UPDATE " . $self->table_name . " SET a_session=? WHERE id=?", undef, 3); - } else { - $action_sth = $dbh->prepare_cached("INSERT INTO " . $self->table_name . " (a_session, id) VALUES(?, ?)", undef, 3); - } - - unless ( defined $action_sth ) { - return $self->set_error( "store(): \$dbh->prepare failed with message " . $dbh->errstr ); - } - $action_sth->execute($datastr, $sid) - or return $self->set_error( "store(): \$action_sth->execute failed " . $action_sth->errstr ); - return 1; -} - - -sub remove { - my $self = shift; - my ($sid) = @_; - croak "remove(): usage error" unless $sid; - - my $rc = $self->{Handle}->do( 'DELETE FROM '. $self->table_name .' WHERE id= ?',{},$sid ); - unless ( $rc ) { - croak "remove(): \$dbh->do failed!"; - } - - return 1; -} - - -sub DESTROY { - my $self = shift; - - unless ( $self->{Handle}->{AutoCommit} ) { - $self->{Handle}->commit; - } - if ( $self->{_disconnect} ) { - $self->{Handle}->disconnect; - } -} - - -sub traverse { - my $self = shift; - my ($coderef) = @_; - - unless ( $coderef && ref( $coderef ) && (ref $coderef eq 'CODE') ) { - croak "traverse(): usage error"; - } - - my $tablename = $self->table_name(); - my $sth = $self->{Handle}->prepare_cached("SELECT id FROM $tablename", undef, 3) - or return $self->set_error("traverse(): couldn't prepare SQL statement. " . $self->{Handle}->errstr); - $sth->execute() or return $self->set_error("traverse(): couldn't execute statement $sth->{Statement}. " . $sth->errstr); - - while ( my ($sid) = $sth->fetchrow_array ) { - $coderef->($sid); - } - return 1; -} - - -1; - -=pod - -=head1 NAME - -CGI::Session::Driver::DBI - Base class for native DBI-related CGI::Session drivers - -=head1 SYNOPSIS - - require CGI::Session::Driver::DBI; - @ISA = qw( CGI::Session::Driver::DBI ); - -=head1 DESCRIPTION - -In most cases you can create a new DBI-driven CGI::Session driver by simply creating an empty driver file that inherits from CGI::Session::Driver::DBI. That's exactly what L<sqlite|CGI::Session::Driver::sqlite> does. The only reason why this class doesn't suit for a valid driver is its name isn't in lowercase. I'm serious! - -=head2 NOTES - -CGI::Session::Driver::DBI defines init() method, which makes DBI handle available for drivers in I<Handle> - object attribute regardless of what C<\%dsn_args> were used in creating session object. Should your driver require non-standard initialization you have to re-define init() method in your F<.pm> file, but make sure to set 'Handle' - object attribute to database handle (returned by DBI->connect(...)) if you wish to inherit any of the methods from CGI::Session::Driver::DBI. - -=head1 STORAGE - -Before you can use any DBI-based session drivers you need to make sure compatible database table is created for CGI::Session to work with. Following command will produce minimal requirements in most SQL databases: - - CREATE TABLE sessions ( - id CHAR(32) NOT NULL PRIMARY KEY, - a_session TEXT NOT NULL - ); - -Your session table can define additional columns, but the above two are required. Name of the session table is expected to be I<sessions> by default. You may use a different name if you wish. To do this you have to pass I<TableName> as part of your C< \%dsn_args >: - - $s = new CGI::Session("driver:sqlite", undef, {TableName=>'my_sessions'}); - $s = new CGI::Session("driver:mysql", undef, { - TableName=>'my_sessions', - DataSource=>'dbi:mysql:shopping_cart'}); - -=head1 DRIVER ARGUMENTS - -Following driver arguments are supported: - -=over 4 - -=item DataSource - -First argument to be passed to L<DBI|DBI>->L<connect()|DBI/connect()>. If the driver makes -the database connection itself, it will also explicitly disconnect from the database when -the driver object is DESTROYed. - -=item User - -User privileged to connect to the database defined in C<DataSource>. - -=item Password - -Password of the I<User> privileged to connect to the database defined in C<DataSource> - -=item Handle - -An existing L<DBI> database handle object. The handle can be created on demand -by providing a code reference as a argument, such as C<<sub{DBI->connect}>>. -This way, the database connection is only created if it actually needed. This can be useful -when combined with a framework plugin like L<CGI::Application::Plugin::Session>, which creates -a CGI::Session object on demand as well. - -C<Handle> will override all the above arguments, if any present. - -=item TableName - -Name of the table session data will be stored in. - -=back - -=head1 LICENSING - -For support and licensing information see L<CGI::Session|CGI::Session> - -=cut - diff --git a/qooxdoo/source/perl/CGI/Session/Driver/db_file.pm b/qooxdoo/source/perl/CGI/Session/Driver/db_file.pm deleted file mode 100644 index edfe8d6..0000000 --- a/qooxdoo/source/perl/CGI/Session/Driver/db_file.pm +++ /dev/null @@ -1,201 +0,0 @@ -package CGI::Session::Driver::db_file; - -# $Id: db_file.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; - -use Carp; -use DB_File; -use File::Spec; -use File::Basename; -use CGI::Session::Driver; -use Fcntl qw( :DEFAULT :flock ); -use vars qw( @ISA $VERSION $FILE_NAME $UMask $NO_FOLLOW ); - -@ISA = ( "CGI::Session::Driver" ); -$VERSION = "4.20"; -$FILE_NAME = "cgisess.db"; -$UMask = 0660; -$NO_FOLLOW = eval { O_NOFOLLOW } || 0; - -sub init { - my $self = shift; - - $self->{FileName} ||= $CGI::Session::Driver::db_file::FILE_NAME; - unless ( $self->{Directory} ) { - $self->{Directory} = dirname( $self->{FileName} ); - $self->{Directory} = File::Spec->tmpdir() if $self->{Directory} eq '.' && substr($self->{FileName},0,1) ne '.'; - $self->{FileName} = basename( $self->{FileName} ); - } - unless ( -d $self->{Directory} ) { - require File::Path; - File::Path::mkpath($self->{Directory}) or return $self->set_error("init(): couldn't mkpath: $!"); - } - - $self->{UMask} = $CGI::Session::Driver::db_file::UMask unless exists $self->{UMask}; - - return 1; -} - - -sub retrieve { - my $self = shift; - my ($sid) = @_; - croak "retrieve(): usage error" unless $sid; - - return 0 unless -f $self->_db_file; - my ($dbhash, $unlock) = $self->_tie_db_file(O_RDONLY) or return; - my $datastr = $dbhash->{$sid}; - untie(%$dbhash); - $unlock->(); - return $datastr || 0; -} - - -sub store { - my $self = shift; - my ($sid, $datastr) = @_; - croak "store(): usage error" unless $sid && $datastr; - - my ($dbhash, $unlock) = $self->_tie_db_file(O_RDWR, LOCK_EX) or return; - $dbhash->{$sid} = $datastr; - untie(%$dbhash); - $unlock->(); - return 1; -} - - - -sub remove { - my $self = shift; - my ($sid) = @_; - croak "remove(): usage error" unless $sid; - - - my ($dbhash, $unlock) = $self->_tie_db_file(O_RDWR, LOCK_EX) or return; - delete $dbhash->{$sid}; - untie(%$dbhash); - $unlock->(); - return 1; -} - - -sub DESTROY {} - - -sub _lock { - my $self = shift; - my ($db_file, $lock_type) = @_; - - croak "_lock(): usage error" unless $db_file; - $lock_type ||= LOCK_SH; - - my $lock_file = $db_file . '.lck'; - if ( -l $lock_file ) { - unlink($lock_file) or - die $self->set_error("_lock(): '$lock_file' appears to be a symlink and I can't remove it: $!"); - } - sysopen(LOCKFH, $lock_file, O_RDWR|O_CREAT|$NO_FOLLOW) or die "couldn't create lock file '$lock_file': $!"; - - - flock(LOCKFH, $lock_type) or die "couldn't lock '$lock_file': $!"; - return sub { - close(LOCKFH); # && unlink($lock_file); # keep the lock file around - 1; - }; -} - - - -sub _tie_db_file { - my $self = shift; - my ($o_mode, $lock_type) = @_; - $o_mode ||= O_RDWR|O_CREAT; - - # DB_File will not touch a file unless it recognizes the format - # we can't detect the version of the underlying database without some very heavy checks so the easiest thing is - # to disable this for opening of the database - - # # protect against symlinks - # $o_mode |= $NO_FOLLOW; - - my $db_file = $self->_db_file; - my $unlock = $self->_lock($db_file, $lock_type); - my %db; - - my $create = ! -e $db_file; - - if ( -l $db_file ) { - $create = 1; - unlink($db_file) or - return $self->set_error("_tie_db_file(): '$db_file' appears to be a symlink and I can't remove it: $!"); - } - - $o_mode = O_RDWR|O_CREAT|O_EXCL if $create; - - unless( tie %db, "DB_File", $db_file, $o_mode, $self->{UMask} ){ - $unlock->(); - return $self->set_error("_tie_db_file(): couldn't tie '$db_file': $!"); - } - - return (\%db, $unlock); -} - -sub _db_file { - my $self = shift; - return File::Spec->catfile( $self->{Directory}, $self->{FileName} ); -} - -sub traverse { - my $self = shift; - my ($coderef) = @_; - - unless ( $coderef && ref($coderef) && (ref $coderef eq 'CODE') ) { - croak "traverse(): usage error"; - } - - my ($dbhash, $unlock) = $self->_tie_db_file(O_RDWR, LOCK_SH); - unless ( $dbhash ) { - return $self->set_error( "traverse(): couldn't get db handle, " . $self->errstr ); - } - while ( my ($sid, undef) = each %$dbhash ) { - $coderef->( $sid ); - } - untie(%$dbhash); - $unlock->(); - return 1; -} - - -1; - -__END__; - -=pod - -=head1 NAME - -CGI::Session::Driver::db_file - CGI::Session driver for BerkeleyDB using DB_File - -=head1 SYNOPSIS - - $s = new CGI::Session("driver:db_file", $sid); - $s = new CGI::Session("driver:db_file", $sid, {FileName=>'/tmp/cgisessions.db'}); - -=head1 DESCRIPTION - -B<db_file> stores session data in BerkelyDB file using L<DB_File|DB_File> - Perl module. All sessions will be stored -in a single file, specified in I<FileName> driver argument as in the above example. If I<FileName> isn't given, -defaults to F</tmp/cgisess.db>, or its equivalent on a non-UNIX system. - -If the directory hierarchy leading to the file does not exist, will be created for you. - -This module takes a B<UMask> option which will be used if DB_File has to create the database file for you. By default -the umask is 0660. - -=head1 LICENSING - -For support and licensing information see L<CGI::Session|CGI::Session> - -=cut - diff --git a/qooxdoo/source/perl/CGI/Session/Driver/file.pm b/qooxdoo/source/perl/CGI/Session/Driver/file.pm deleted file mode 100644 index f25dfea..0000000 --- a/qooxdoo/source/perl/CGI/Session/Driver/file.pm +++ /dev/null @@ -1,217 +0,0 @@ -package CGI::Session::Driver::file; - -# $Id: file.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; - -use Carp; -use File::Spec; -use Fcntl qw( :DEFAULT :flock :mode ); -use CGI::Session::Driver; -use vars qw( $FileName $NoFlock $UMask $NO_FOLLOW ); - -BEGIN { - # keep historical behavior - - no strict 'refs'; - - *FileName = \$CGI::Session::File::FileName; -} - -@CGI::Session::Driver::file::ISA = ( "CGI::Session::Driver" ); -$CGI::Session::Driver::file::VERSION = "4.20"; -$FileName = "cgisess_%s"; -$NoFlock = 0; -$UMask = 0660; -$NO_FOLLOW = eval { O_NOFOLLOW } || 0; - -sub init { - my $self = shift; - $self->{Directory} ||= File::Spec->tmpdir(); - - unless ( -d $self->{Directory} ) { - require File::Path; - unless ( File::Path::mkpath($self->{Directory}) ) { - return $self->set_error( "init(): couldn't create directory path: $!" ); - } - } - - $self->{NoFlock} = $NoFlock unless exists $self->{NoFlock}; - $self->{UMask} = $UMask unless exists $self->{UMask}; - - return 1; -} - -sub _file { - my ($self,$sid) = @_; - return File::Spec->catfile($self->{Directory}, sprintf( $FileName, $sid )); -} - -sub retrieve { - my $self = shift; - my ($sid) = @_; - - my $path = $self->_file($sid); - - return 0 unless -e $path; - - # make certain our filehandle goes away when we fall out of scope - local *FH; - - if (-l $path) { - unlink($path) or - return $self->set_error("retrieve(): '$path' appears to be a symlink and I couldn't remove it: $!"); - return 0; # we deleted this so we have no hope of getting back anything - } - sysopen(FH, $path, O_RDONLY | $NO_FOLLOW ) || return $self->set_error( "retrieve(): couldn't open '$path': $!" ); - - $self->{NoFlock} || flock(FH, LOCK_SH) or return $self->set_error( "retrieve(): couldn't lock '$path': $!" ); - - my $rv = ""; - while ( <FH> ) { - $rv .= $_; - } - close(FH); - return $rv; -} - - - -sub store { - my $self = shift; - my ($sid, $datastr) = @_; - - my $path = $self->_file($sid); - - # make certain our filehandle goes away when we fall out of scope - local *FH; - - my $mode = O_WRONLY|$NO_FOLLOW; - - # kill symlinks when we spot them - if (-l $path) { - unlink($path) or - return $self->set_error("store(): '$path' appears to be a symlink and I couldn't remove it: $!"); - } - - $mode = O_RDWR|O_CREAT|O_EXCL unless -e $path; - - sysopen(FH, $path, $mode, $self->{UMask}) or return $self->set_error( "store(): couldn't open '$path': $!" ); - - # sanity check to make certain we're still ok - if (-l $path) { - return $self->set_error("store(): '$path' is a symlink, check for malicious processes"); - } - - # prevent race condition (RT#17949) - $self->{NoFlock} || flock(FH, LOCK_EX) or return $self->set_error( "store(): couldn't lock '$path': $!" ); - truncate(FH, 0) or return $self->set_error( "store(): couldn't truncate '$path': $!" ); - - print FH $datastr; - close(FH) or return $self->set_error( "store(): couldn't close '$path': $!" ); - return 1; -} - - -sub remove { - my $self = shift; - my ($sid) = @_; - - my $directory = $self->{Directory}; - my $file = sprintf( $FileName, $sid ); - my $path = File::Spec->catfile($directory, $file); - unlink($path) or return $self->set_error( "remove(): couldn't unlink '$path': $!" ); - return 1; -} - - -sub traverse { - my $self = shift; - my ($coderef) = @_; - - unless ( $coderef && ref($coderef) && (ref $coderef eq 'CODE') ) { - croak "traverse(): usage error"; - } - - opendir( DIRHANDLE, $self->{Directory} ) - or return $self->set_error( "traverse(): couldn't open $self->{Directory}, " . $! ); - - my $filename_pattern = $FileName; - $filename_pattern =~ s/\./\\./g; - $filename_pattern =~ s/\%s/(\.\+)/g; - while ( my $filename = readdir(DIRHANDLE) ) { - next if $filename =~ m/^\.\.?$/; - my $full_path = File::Spec->catfile($self->{Directory}, $filename); - my $mode = (stat($full_path))[2] - or return $self->set_error( "traverse(): stat failed for $full_path: " . $! ); - next if S_ISDIR($mode); - if ( $filename =~ /^$filename_pattern$/ ) { - $coderef->($1); - } - } - closedir( DIRHANDLE ); - return 1; -} - - -sub DESTROY { - my $self = shift; -} - -1; - -__END__; - -=pod - -=head1 NAME - -CGI::Session::Driver::file - Default CGI::Session driver - -=head1 SYNOPSIS - - $s = new CGI::Session(); - $s = new CGI::Session("driver:file", $sid); - $s = new CGI::Session("driver:file", $sid, {Directory=>'/tmp'}); - - -=head1 DESCRIPTION - -When CGI::Session object is created without explicitly setting I<driver>, I<file> will be assumed. -I<file> - driver will store session data in plain files, where each session will be stored in a separate -file. - -Naming conventions of session files are defined by C<$CGI::Session::Driver::file::FileName> global variable. -Default value of this variable is I<cgisess_%s>, where %s will be replaced with respective session ID. Should -you wish to set your own FileName template, do so before requesting for session object: - - $CGI::Session::Driver::file::FileName = "%s.dat"; - $s = new CGI::Session(); - -For backwards compatibility with 3.x, you can also use the variable name -C<$CGI::Session::File::FileName>, which will override the one above. - -=head2 DRIVER ARGUMENTS - -If you wish to specify a session directory, use the B<Directory> option, which denotes location of the directory -where session ids are to be kept. If B<Directory> is not set, defaults to whatever File::Spec->tmpdir() returns. -So all the three lines in the SYNOPSIS section of this manual produce the same result on a UNIX machine. - -If specified B<Directory> does not exist, all necessary directory hierarchy will be created. - -By default, sessions are created with a umask of 0660. If you wish to change the umask for a session, pass -a B<UMask> option with an octal representation of the umask you would like for said session. - -=head1 NOTES - -If your OS doesn't support flock, you should understand the risks of going without locking the session files. Since -sessions tend to be used in environments where race conditions may occur due to concurrent access of files by -different processes, locking tends to be seen as a good and very necessary thing. If you still want to use this -driver but don't want flock, set C<$CGI::Session::Driver::file::NoFlock> to 1 or pass C<< NoFlock => 1 >> and this -driver will operate without locks. - -=head1 LICENSING - -For support and licensing see L<CGI::Session|CGI::Session> - -=cut diff --git a/qooxdoo/source/perl/CGI/Session/Driver/mysql.pm b/qooxdoo/source/perl/CGI/Session/Driver/mysql.pm deleted file mode 100644 index 4d7aaf6..0000000 --- a/qooxdoo/source/perl/CGI/Session/Driver/mysql.pm +++ /dev/null @@ -1,113 +0,0 @@ -package CGI::Session::Driver::mysql; - -# $Id: mysql.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; -use Carp; -use CGI::Session::Driver::DBI; - -@CGI::Session::Driver::mysql::ISA = qw( CGI::Session::Driver::DBI ); -$CGI::Session::Driver::mysql::VERSION = "4.20"; - -sub _mk_dsnstr { - my ($class, $dsn) = @_; - unless ( $class && $dsn && ref($dsn) && (ref($dsn) eq 'HASH')) { - croak "_mk_dsnstr(): usage error"; - } - - my $dsnstr = $dsn->{DataSource}; - if ( $dsn->{Socket} ) { - $dsnstr .= sprintf(";mysql_socket=%s", $dsn->{Socket}); - } - if ( $dsn->{Host} ) { - $dsnstr .= sprintf(";host=%s", $dsn->{Host}); - } - if ( $dsn->{Port} ) { - $dsnstr .= sprintf(";port=%s", $dsn->{Port}); - } - return $dsnstr; -} - - -sub init { - my $self = shift; - if ( $self->{DataSource} && ($self->{DataSource} !~ /^dbi:mysql/i) ) { - $self->{DataSource} = "dbi:mysql:database=" . $self->{DataSource}; - } - - if ( $self->{Socket} && $self->{DataSource} ) { - $self->{DataSource} .= ';mysql_socket=' . $self->{Socket}; - } - return $self->SUPER::init(); -} - -sub store { - my $self = shift; - my ($sid, $datastr) = @_; - croak "store(): usage error" unless $sid && $datastr; - - my $dbh = $self->{Handle}; - $dbh->do("REPLACE INTO " . $self->table_name . " (id, a_session) VALUES(?, ?)", undef, $sid, $datastr) - or return $self->set_error( "store(): \$dbh->do failed " . $dbh->errstr ); - return 1; -} - - -# If the table name hasn't been defined yet, check this location for 3.x compatibility -sub table_name { - my $self = shift; - unless (defined $self->{TableName}) { - $self->{TableName} = $CGI::Session::MySQL::TABLE_NAME; - } - return $self->SUPER::table_name(@_); -} - -1; - -__END__; - -=pod - -=head1 NAME - -CGI::Session::Driver::mysql - CGI::Session driver for MySQL database - -=head1 SYNOPSIS - - $s = new CGI::Session( "driver:mysql", $sid); - $s = new CGI::Session( "driver:mysql", $sid, { DataSource => 'dbi:mysql:test', - User => 'sherzodr', - Password => 'hello' }); - $s = new CGI::Session( "driver:mysql", $sid, { Handle => $dbh } ); - -=head1 DESCRIPTION - -B<mysql> stores session records in a MySQL table. For details see L<CGI::Session::Driver::DBI|CGI::Session::Driver::DBI>, its parent class. - -It's especially important for the MySQL driver that the session ID column be -defined as a primary key, or at least "unique", like this: - - CREATE TABLE sessions ( - id CHAR(32) NOT NULL PRIMARY KEY, - a_session TEXT NOT NULL - ); - -=head2 DRIVER ARGUMENTS - -B<mysql> driver supports all the arguments documented in L<CGI::Session::Driver::DBI|CGI::Session::Driver::DBI>. In addition, I<DataSource> argument can optionally leave leading "dbi:mysql:" string out: - - $s = new CGI::Session( "driver:mysql", $sid, {DataSource=>'shopping_cart'}); - # is the same as: - $s = new CGI::Session( "driver:mysql", $sid, {DataSource=>'dbi:mysql:shopping_cart'}); - -=head2 BACKWARDS COMPATIBILITY - -For backwards compatibility, you can also set the table like this before calling C<new()>. However, it is not recommended because it can cause conflicts in a persistent environment. - - $CGI::Session::MySQL::TABLE_NAME = 'my_sessions'; - -=head1 LICENSING - -For support and licensing see L<CGI::Session|CGI::Session>. - -=cut diff --git a/qooxdoo/source/perl/CGI/Session/Driver/postgresql.pm b/qooxdoo/source/perl/CGI/Session/Driver/postgresql.pm deleted file mode 100644 index ccfdce5..0000000 --- a/qooxdoo/source/perl/CGI/Session/Driver/postgresql.pm +++ /dev/null @@ -1,134 +0,0 @@ -package CGI::Session::Driver::postgresql; - -# $Id: postgresql.pm 351 2006-11-24 14:16:50Z markstos $ - -# CGI::Session::Driver::postgresql - PostgreSQL driver for CGI::Session -# -# Copyright (C) 2002 Cosimo Streppone, cosimo@cpan.org -# This module is based on CGI::Session::Driver::mysql module -# by Sherzod Ruzmetov, original author of CGI::Session modules -# and CGI::Session::Driver::mysql driver. - -use strict; -use Carp "croak"; - -use CGI::Session::Driver::DBI; -use DBD::Pg qw(PG_BYTEA PG_TEXT); - -$CGI::Session::Driver::postgresql::VERSION = '4.20'; -@CGI::Session::Driver::postgresql::ISA = qw( CGI::Session::Driver::DBI ); - - -sub init { - my $self = shift; - my $ret = $self->SUPER::init(@_); - - # Translate external ColumnType into internal value. See POD for details. - $self->{PgColumnType} ||= (defined $self->{ColumnType} and (lc $self->{ColumnType} eq 'binary')) - ? PG_BYTEA - : PG_TEXT - ; - - return $ret; -} - -sub store { - my $self = shift; - my ($sid, $datastr) = @_; - croak "store(): usage error" unless $sid && $datastr; - - my $dbh = $self->{Handle}; - my $type = $self->{PgColumnType}; - - if ($type == PG_TEXT && $datastr =~ tr/\x00//) { - croak "Unallowed characters used in session data. Please see CGI::Session::Driver::postgresql ". - "for more information about null characters in text columns."; - } - - local $dbh->{RaiseError} = 1; - eval { - # There is a race condition were two clients could run this code concurrently, - # and both end up trying to insert. That's why we check for "duplicate" below - my $sth = $dbh->prepare( - "INSERT INTO " . $self->table_name . " (a_session,id) SELECT ?, ? - WHERE NOT EXISTS (SELECT 1 FROM " . $self->table_name . " WHERE id=? LIMIT 1)"); - - $sth->bind_param(1,$datastr,{ pg_type => $type }); - $sth->bind_param(2, $sid); - $sth->bind_param(3, $sid); # in the SELECT statement - my $rv = ''; - eval { $rv = $sth->execute(); }; - if ( $rv eq '0E0' or (defined $@ and $@ =~ m/duplicate/i) ) { - my $sth = $dbh->prepare("UPDATE " . $self->table_name . " SET a_session=? WHERE id=?"); - $sth->bind_param(1,$datastr,{ pg_type => $type }); - $sth->bind_param(2,$sid); - $sth->execute; - } - else { - # Nothing. Our insert has already happened - } - }; - if ($@) { - return $self->set_error( "store(): failed with message: $@ " . $dbh->errstr ); - - } - else { - return 1; - - } - - -} - -1; - -=pod - -=head1 NAME - -CGI::Session::Driver::postgresql - PostgreSQL driver for CGI::Session - -=head1 SYNOPSIS - - use CGI::Session; - $session = new CGI::Session("driver:PostgreSQL", undef, {Handle=>$dbh}); - -=head1 DESCRIPTION - -CGI::Session::PostgreSQL is a L<CGI::Session|CGI::Session> driver to store session data in a PostgreSQL table. - -=head1 STORAGE - -Before you can use any DBI-based session drivers you need to make sure compatible database table is created for CGI::Session to work with. Following command will produce minimal requirements in most SQL databases: - - CREATE TABLE sessions ( - id CHAR(32) NOT NULL PRIMARY KEY, - a_session BYTEA NOT NULL - ); - -and within your code use: - - use CGI::Session; - $session = new CGI::Session("driver:PostgreSQL", undef, {Handle=>$dbh, ColumnType=>"binary"}); - -Please note the I<ColumnType> argument. PostgreSQL's text type has problems when trying to hold a null character. (Known as C<"\0"> in Perl, not to be confused with SQL I<NULL>). If you know there is no chance of ever having a null character in the serialized data, you can leave off the I<ColumnType> attribute. Using a I<BYTEA> column type and C<< ColumnType => 'binary' >> is recommended when using L<Storable|CGI::Session::Serialize::storable> as the serializer or if there's any possibility that a null value will appear in any of the serialized data. - -For more details see L<CGI::Session::Driver::DBI|CGI::Session::Driver::DBI>, parent class. - -Also see L<sqlite driver|CGI::Session::Driver::sqlite>, which exercises different method for dealing with binary data. - -=head1 COPYRIGHT - -Copyright (C) 2002 Cosimo Streppone. All rights reserved. This library is free software and can be modified and distributed under the same terms as Perl itself. - -=head1 AUTHORS - -Cosimo Streppone <cosimo@cpan.org>, heavily based on the CGI::Session::MySQL driver by Sherzod Ruzmetov, original author of CGI::Session. - -Matt LeBlanc contributed significant updates for the 4.0 release. - -=head1 LICENSING - -For additional support and licensing see L<CGI::Session|CGI::Session> - -=cut diff --git a/qooxdoo/source/perl/CGI/Session/Driver/sqlite.pm b/qooxdoo/source/perl/CGI/Session/Driver/sqlite.pm deleted file mode 100644 index 561e9a7..0000000 --- a/qooxdoo/source/perl/CGI/Session/Driver/sqlite.pm +++ /dev/null @@ -1,99 +0,0 @@ -package CGI::Session::Driver::sqlite; - -# $Id: sqlite.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; - -use File::Spec; -use base 'CGI::Session::Driver::DBI'; -use DBI qw(SQL_BLOB); -use Fcntl; - -$CGI::Session::Driver::sqlite::VERSION = "4.20"; - -sub init { - my $self = shift; - - unless ( $self->{Handle}) { - $self->{DataSource} = "dbi:SQLite:dbname=" . $self->{DataSource} unless ( $self->{DataSource} =~ /^dbi:sqlite/i ); - } - - $self->SUPER::init() or return; - - $self->{Handle}->{sqlite_handle_binary_nulls} = 1; - return 1; -} - -sub store { - my $self = shift; - my ($sid, $datastr) = @_; - return $self->set_error("store(): usage error") unless $sid && $datastr; - - my $dbh = $self->{Handle}; - - my $sth = $dbh->prepare("SELECT id FROM " . $self->table_name . " WHERE id=?"); - unless ( defined $sth ) { - return $self->set_error( "store(): \$sth->prepare failed with message " . $dbh->errstr ); - } - - $sth->execute( $sid ) or return $self->set_error( "store(): \$sth->execute failed with message " . $dbh->errstr ); - if ( $sth->fetchrow_array ) { - __ex_and_ret($dbh,"UPDATE " . $self->table_name . " SET a_session=? WHERE id=?",$datastr,$sid) - or return $self->set_error( "store(): serialize to db failed " . $dbh->errstr ); - } else { - __ex_and_ret($dbh,"INSERT INTO " . $self->table_name . " (a_session,id) VALUES(?, ?)",$datastr, $sid) - or return $self->set_error( "store(): serialize to db failed " . $dbh->errstr ); - } - return 1; -} - -sub __ex_and_ret { - my ($dbh,$sql,$datastr,$sid) = @_; - # fix rt #18183 - local $@; - eval { - my $sth = $dbh->prepare($sql) or return 0; - $sth->bind_param(1,$datastr,SQL_BLOB) or return 0; - $sth->bind_param(2,$sid) or return 0; - $sth->execute() or return 0; - }; - return ! $@; -} - -1; - -__END__; - -=pod - -=head1 NAME - -CGI::Session::Driver::sqlite - CGI::Session driver for SQLite - -=head1 SYNOPSIS - - $s = new CGI::Session("driver:sqlite", $sid, {DataSource=>'/my/folder/sessions.sqlt'}); - $s = new CGI::Session("driver:sqlite", $sid, {Handle=>$dbh}); - -=head1 DESCRIPTION - -B<sqlite> driver stores session data in SQLite files using L<DBD::SQLite|DBD::SQLite> DBI driver. More details see L<CGI::Session::Driver::DBI|CGI::Session::Driver::DBI>, its parent class. - -=head1 DRIVER ARGUMENTS - -Supported driver arguments are I<DataSource> and I<Handle>. B<At most> only one of these arguments can be set while creating session object. - -I<DataSource> should be in the form of C<dbi:SQLite:dbname=/path/to/db.sqlt>. If C<dbi:SQLite:> is missing it will be prepended for you. If I<Handle> is present it should be database handle (C<$dbh>) returned by L<DBI::connect()|DBI/connect()>. - -As of version 1.7 of this driver, the third argument is B<NOT> optional. Using a default database in the temporary directory is a security risk since anyone on the machine can create and/or read your session data. If you understand these risks and still want the old behavior, you can set the C<DataSource> option to I<'/tmp/sessions.sqlt'>. - -=head1 BUGS AND LIMITATIONS - -None known. - -=head1 LICENSING - -For support and licensing see L<CGI::Session|CGI::Session> - -=cut - diff --git a/qooxdoo/source/perl/CGI/Session/ErrorHandler.pm b/qooxdoo/source/perl/CGI/Session/ErrorHandler.pm deleted file mode 100644 index 8f42482..0000000 --- a/qooxdoo/source/perl/CGI/Session/ErrorHandler.pm +++ /dev/null @@ -1,73 +0,0 @@ -package CGI::Session::ErrorHandler; - -# $Id: ErrorHandler.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; -$CGI::Session::ErrorHandler::VERSION = "4.20"; - -=pod - -=head1 NAME - -CGI::Session::ErrorHandler - error handling routines for CGI::Session - -=head1 SYNOPSIS - - require CGI::Session::ErrorHandler - @ISA = qw( CGI::Session::ErrorHandler ); - - sub some_method { - my $self = shift; - unless ( $some_condition ) { - return $self->set_error("some_method(): \$some_condition isn't met"); - } - } - -=head1 DESCRIPTION - -CGI::Session::ErrorHandler provides set_error() and errstr() methods for setting and accessing error messages from within CGI::Session's components. This method should be used by driver developers for providing CGI::Session-standard error handling routines for their code - -=head2 METHODS - -=over 4 - -=item set_error($message) - -Implicitly defines $pkg_name::errstr and sets its value to $message. Return value is B<always> undef. - -=cut - -sub set_error { - my $class = shift; - my $message = shift; - $class = ref($class) || $class; - no strict 'refs'; - ${ "$class\::errstr" } = sprintf($message || "", @_); - return; -} - -=item errstr() - -Returns whatever value was set by the most recent call to set_error(). If no message as has been set yet, the empty string is returned so the message can still concatenate without a warning. - -=back - -=cut - -*error = \&errstr; -sub errstr { - my $class = shift; - $class = ref( $class ) || $class; - - no strict 'refs'; - return ${ "$class\::errstr" } || ''; -} - -=head1 LICENSING - -For support and licensing information see L<CGI::Session|CGI::Session>. - -=cut - -1; - diff --git a/qooxdoo/source/perl/CGI/Session/ID/incr.pm b/qooxdoo/source/perl/CGI/Session/ID/incr.pm deleted file mode 100644 index 75324b5..0000000 --- a/qooxdoo/source/perl/CGI/Session/ID/incr.pm +++ /dev/null @@ -1,77 +0,0 @@ -package CGI::Session::ID::incr; - -# $Id: incr.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; -use File::Spec; -use Carp "croak"; -use Fcntl qw( :DEFAULT :flock ); -use CGI::Session::ErrorHandler; - -$CGI::Session::ID::incr::VERSION = '4.20'; -@CGI::Session::ID::incr::ISA = qw( CGI::Session::ErrorHandler ); - - -sub generate_id { - my ($self, $args) = @_; - - my $IDFile = $args->{IDFile} or croak "Don't know where to store the id"; - my $IDIncr = $args->{IDIncr} || 1; - my $IDInit = $args->{IDInit} || 0; - - sysopen(FH, $IDFile, O_RDWR|O_CREAT, 0666) or return $self->set_error("Couldn't open IDFile=>$IDFile: $!"); - flock(FH, LOCK_EX) or return $self->set_error("Couldn't lock IDFile=>$IDFile: $!"); - my $ID = <FH> || $IDInit; - seek(FH, 0, 0) or return $self->set_error("Couldn't seek IDFile=>$IDFile: $!"); - truncate(FH, 0) or return $self->set_error("Couldn't truncate IDFile=>$IDFile: $!"); - $ID += $IDIncr; - print FH $ID; - close(FH) or return $self->set_error("Couldn't close IDFile=>$IDFile: $!"); - return $ID; -} - - -1; - -__END__; - -=pod - -=head1 NAME - -CGI::Session::ID::incr - CGI::Session ID driver - -=head1 SYNOPSIS - - use CGI::Session; - $session = new CGI::Session("id:Incr", undef, { - Directory => '/tmp', - IDFile => '/tmp/cgisession.id', - IDInit => 1000, - IDIncr => 2 }); - -=head1 DESCRIPTION - -CGI::Session::ID::incr is to generate auto incrementing Session IDs. Compare it with L<CGI::Session::ID::md5|CGI::Session::ID::md5>, where session ids are truly random 32 character long strings. CGI::Session::ID::incr expects the following arguments passed to CGI::Session->new() as the third argument. - -=over 4 - -=item IDFile - -Location where auto incremented IDs are stored. This attribute is required. - -=item IDInit - -Initial value of the ID if it's the first ID to be generated. For example, if you want the ID numbers to start with 1000 as opposed to 0, that's where you should set your value. Default is C<0>. - -=item IDIncr - -How many digits each number should increment by. For example, if you want the first generated id to start with 1000, and each subsequent id to increment by 10, set I<IDIncr> to 10 and I<IDInit> to 1000. Default is C<1>. - -=back - -=head1 LICENSING - -For support and licensing information see L<CGI::Session|CGI::Session> - -=cut diff --git a/qooxdoo/source/perl/CGI/Session/ID/md5.pm b/qooxdoo/source/perl/CGI/Session/ID/md5.pm deleted file mode 100644 index 82864e0..0000000 --- a/qooxdoo/source/perl/CGI/Session/ID/md5.pm +++ /dev/null @@ -1,41 +0,0 @@ -package CGI::Session::ID::md5; - -# $Id: md5.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; -use Digest::MD5; -use CGI::Session::ErrorHandler; - -$CGI::Session::ID::md5::VERSION = '4.20'; -@CGI::Session::ID::md5::ISA = qw( CGI::Session::ErrorHandler ); - -*generate = \&generate_id; -sub generate_id { - my $md5 = new Digest::MD5(); - $md5->add($$ , time() , rand(time) ); - return $md5->hexdigest(); -} - - -1; - -=pod - -=head1 NAME - -CGI::Session::ID::md5 - default CGI::Session ID generator - -=head1 SYNOPSIS - - use CGI::Session; - $s = new CGI::Session("id:md5", undef); - -=head1 DESCRIPTION - -CGI::Session::ID::MD5 is to generate MD5 encoded hexadecimal random ids. The library does not require any arguments. - -=head1 LICENSING - -For support and licensing see L<CGI::Session|CGI::Session> - -=cut diff --git a/qooxdoo/source/perl/CGI/Session/ID/static.pm b/qooxdoo/source/perl/CGI/Session/ID/static.pm deleted file mode 100644 index b77dde4..0000000 --- a/qooxdoo/source/perl/CGI/Session/ID/static.pm +++ /dev/null @@ -1,55 +0,0 @@ -package CGI::Session::ID::static; - -# $Id: static.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; -use Carp ("croak"); -use CGI::Session::ErrorHandler; - -$CGI::Session::ID::static::VERSION = '4.20'; -@::CGI::Session::ID::static::ISA = qw( CGI::Session::ErrorHandler ); - -sub generate_id { - my ($self, $args, $claimed_id ) = @_; - unless ( defined $claimed_id ) { - croak "'CGI::Session::ID::Static::generate_id()' requires static id"; - } - return $claimed_id; -} - -1; -__END__ - -=head1 NAME - -CGI::Session::ID::static - CGI::Session ID Driver for generating static IDs - -=head1 SYNOPSIS - - use CGI::Session; - $session = new CGI::Session("id:static", $ENV{REMOTE_ADDR}); - -=head1 DESCRIPTION - -CGI::Session::ID::static is used to generate consistent, static session -ID's. In other words, you tell CGI::Session ID you want to use, and it will honor it. - -Unlike the other ID drivers, this one requires that you provide an ID when creating -the session object; if you pass it an undefined value, it will croak. - -=head1 COPYRIGHT - -Copyright (C) 2002 Adam Jacob <adam@sysadminsith.org>, - -This library is free software. You can modify and distribute it under the same -terms as Perl itself. - -=head1 AUTHORS - -Adam Jacob <adam@sysadminsith.org>, - -=head1 LICENSING - -For additional support and licensing see L<CGI::Session|CGI::Session> - -=cut diff --git a/qooxdoo/source/perl/CGI/Session/Serialize/default.pm b/qooxdoo/source/perl/CGI/Session/Serialize/default.pm deleted file mode 100644 index a18c164..0000000 --- a/qooxdoo/source/perl/CGI/Session/Serialize/default.pm +++ /dev/null @@ -1,139 +0,0 @@ -package CGI::Session::Serialize::default; - -# $Id: default.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; -use Safe; -use Data::Dumper; -use CGI::Session::ErrorHandler; -use Scalar::Util qw(blessed reftype refaddr); -use Carp "croak"; -use vars qw( %overloaded ); -require overload; - -@CGI::Session::Serialize::default::ISA = ( "CGI::Session::ErrorHandler" ); -$CGI::Session::Serialize::default::VERSION = '4.20'; - - -sub freeze { - my ($class, $data) = @_; - - my $d = - new Data::Dumper([$data], ["D"]); - $d->Indent( 0 ); - $d->Purity( 1 ); - $d->Useqq( 0 ); - $d->Deepcopy( 0 ); - $d->Quotekeys( 1 ); - $d->Terse( 0 ); - - # ;$D added to make certain we get our data structure back when we thaw - return $d->Dump() . ';$D'; -} - -sub thaw { - my ($class, $string) = @_; - - # To make -T happy - my ($safe_string) = $string =~ m/^(.*)$/s; - my $rv = Safe->new->reval( $safe_string ); - if ( $@ ) { - return $class->set_error("thaw(): couldn't thaw. $@"); - } - __walk($rv); - return $rv; -} - -sub __walk { - my %seen; - my @filter = __scan(shift); - local %overloaded; - - while (defined(my $x = shift @filter)) { - $seen{refaddr $x || ''}++ and next; - - my $r = reftype $x or next; - if ($r eq "HASH") { - # we use this form to make certain we have aliases - # to the values in %$x and not copies - push @filter, __scan(@{$x}{keys %$x}); - } elsif ($r eq "ARRAY") { - push @filter, __scan(@$x); - } elsif ($r eq "SCALAR" || $r eq "REF") { - push @filter, __scan($$x); - } - } -} - -# we need to do this because the values we get back from the safe compartment -# will have packages defined from the safe compartment's *main instead of -# the one we use -sub __scan { - # $_ gets aliased to each value from @_ which are aliases of the values in - # the current data structure - for (@_) { - if (blessed $_) { - if (overload::Overloaded($_)) { - my $address = refaddr $_; - - # if we already rebuilt and reblessed this item, use the cached - # copy so our ds is consistent with the one we serialized - if (exists $overloaded{$address}) { - $_ = $overloaded{$address}; - } else { - my $reftype = reftype $_; - if ($reftype eq "HASH") { - $_ = $overloaded{$address} = bless { %$_ }, ref $_; - } elsif ($reftype eq "ARRAY") { - $_ = $overloaded{$address} = bless [ @$_ ], ref $_; - } elsif ($reftype eq "SCALAR" || $reftype eq "REF") { - $_ = $overloaded{$address} = bless \do{my $o = $$_},ref $_; - } else { - croak "Do not know how to reconstitute blessed object of base type $reftype"; - } - } - } else { - bless $_, ref $_; - } - } - } - return @_; -} - - -1; - -__END__; - -=pod - -=head1 NAME - -CGI::Session::Serialize::default - Default CGI::Session serializer - -=head1 DESCRIPTION - -This library is used by CGI::Session driver to serialize session data before storing it in disk. - -All the methods are called as class methods. - -=head1 METHODS - -=over 4 - -=item freeze($class, \%hash) - -Receives two arguments. First is the class name, the second is the data to be serialized. Should return serialized string on success, undef on failure. Error message should be set using C<set_error()|CGI::Session::ErrorHandler/"set_error()"> - -=item thaw($class, $string) - -Received two arguments. First is the class name, second is the I<frozen> data string. Should return thawed data structure on success, undef on failure. Error message should be set using C<set_error()|CGI::Session::ErrorHandler/"set_error()"> - -=back - -=head1 LICENSING - -For support and licensing see L<CGI::Session|CGI::Session> - -=cut - diff --git a/qooxdoo/source/perl/CGI/Session/Serialize/freezethaw.pm b/qooxdoo/source/perl/CGI/Session/Serialize/freezethaw.pm deleted file mode 100644 index c71ece8..0000000 --- a/qooxdoo/source/perl/CGI/Session/Serialize/freezethaw.pm +++ /dev/null @@ -1,55 +0,0 @@ -package CGI::Session::Serialize::freezethaw; - -# $Id: freezethaw.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; -use FreezeThaw; -use CGI::Session::ErrorHandler; - -$CGI::Session::Serialize::freezethaw::VERSION = 4.2; -@CGI::Session::Serialize::freezethaw::ISA = ( "CGI::Session::ErrorHandler" ); - -sub freeze { - my ($self, $data) = @_; - return FreezeThaw::freeze($data); -} - - -sub thaw { - my ($self, $string) = @_; - return (FreezeThaw::thaw($string))[0]; -} - -1; - -__END__; - -=pod - -=head1 NAME - -CGI::Session::Serialize::freezethaw - serializer for CGI::Session - -=head1 DESCRIPTION - -This library can be used by CGI::Session to serialize session data. Uses L<FreezeThaw|FreezeThaw>. - -=head1 METHODS - -=over 4 - -=item freeze($class, \%hash) - -Receives two arguments. First is the class name, the second is the data to be serialized. Should return serialized string on success, undef on failure. Error message should be set using C<set_error()|CGI::Session::ErrorHandler/"set_error()"> - -=item thaw($class, $string) - -Received two arguments. First is the class name, second is the I<frozen> data string. Should return thawed data structure on success, undef on failure. Error message should be set using C<set_error()|CGI::Session::ErrorHandler/"set_error()"> - -=back - -=head1 LICENSING - -For support and licensing see L<CGI::Session|CGI::Session> - -=cut diff --git a/qooxdoo/source/perl/CGI/Session/Serialize/json.pm b/qooxdoo/source/perl/CGI/Session/Serialize/json.pm deleted file mode 100644 index 2f8c8bb..0000000 --- a/qooxdoo/source/perl/CGI/Session/Serialize/json.pm +++ /dev/null @@ -1,64 +0,0 @@ -package CGI::Session::Serialize::json; - -use strict; -use CGI::Session::ErrorHandler; - -$CGI::Session::Serialize::json::VERSION = '4.20'; -@CGI::Session::Serialize::json::ISA = ( "CGI::Session::ErrorHandler" ); -our $Flavour; - -unless($Flavour) { - my $package = (grep { eval("use $_ (); 1;") } qw(JSON::Syck))[0] - or die "JSON::Syck is required to use ", __PACKAGE__; - $Flavour = $package; -} - -sub freeze { - my ($self, $data) = @_; - return $Flavour->can('Dump')->($data); -} - - -sub thaw { - my ($self, $string) = @_; - return ($Flavour->can('Load')->($string))[0]; -} - -1; - -__END__; - -=pod - -=head1 NAME - -CGI::Session::Serialize::json - serializer for CGI::Session - -=head1 DESCRIPTION - -This library can be used by CGI::Session to serialize session data. Requires -L<JSON::Syck|JSON::Syck>. JSON is a type of L<YAML|CGI::Session::Serialize::yaml>, -with one extension: serialized JSON strings are actually valid JavaScript -code that a browser can execute. Any langauge that has a YAML parser -(Perl, PHP, Python, Ruby, C, etc) can also read data that has been serialized -with JSON. - -=head1 METHODS - -=over 4 - -=item freeze($class, \%hash) - -Receives two arguments. First is the class name, the second is the data to be serialized. Should return serialized string on success, undef on failure. Error message should be set using C<set_error()|CGI::Session::ErrorHandler/"set_error()"> - -=item thaw($class, $string) - -Received two arguments. First is the class name, second is the I<JSON> data string. Should return thawed data structure on success, undef on failure. Error message should be set using C<set_error()|CGI::Session::ErrorHandler/"set_error()"> - -=back - -=head1 SEE ALSO - -L<CGI::Session>, L<JSON::Syck>. - -=cut diff --git a/qooxdoo/source/perl/CGI/Session/Serialize/storable.pm b/qooxdoo/source/perl/CGI/Session/Serialize/storable.pm deleted file mode 100644 index 6ac2dae..0000000 --- a/qooxdoo/source/perl/CGI/Session/Serialize/storable.pm +++ /dev/null @@ -1,60 +0,0 @@ -package CGI::Session::Serialize::storable; - -# $Id: storable.pm 351 2006-11-24 14:16:50Z markstos $ - -use strict; -use Storable; -require CGI::Session::ErrorHandler; - -$CGI::Session::Serialize::storable::VERSION = "4.20"; -@CGI::Session::Serialize::ISA = ( "CGI::Session::ErrorHandler" ); - -=pod - -=head1 NAME - -CGI::Session::Serialize::storable - Serializer for CGI::Session - -=head1 DESCRIPTION - -This library can be used by CGI::Session to serialize session data. Uses L<Storable|Storable>. - -=head1 METHODS - -=over 4 - -=item freeze($class, \%hash) - -Receives two arguments. First is the class name, the second is the data to be serialized. -Should return serialized string on success, undef on failure. Error message should be set using -C<set_error()|CGI::Session::ErrorHandler/"set_error()"> - -=cut - -sub freeze { - my ($self, $data) = @_; - return Storable::freeze($data); -} - -=item thaw($class, $string) - -Receives two arguments. First is the class name, second is the I<frozen> data string. Should return -thawed data structure on success, undef on failure. Error message should be set -using C<set_error()|CGI::Session::ErrorHandler/"set_error()"> - -=back - -=cut - -sub thaw { - my ($self, $string) = @_; - return Storable::thaw($string); -} - -=head1 LICENSING - -For support and licensing see L<CGI::Session|CGI::Session> - -=cut - -1; diff --git a/qooxdoo/source/perl/CGI/Session/Serialize/yaml.pm b/qooxdoo/source/perl/CGI/Session/Serialize/yaml.pm deleted file mode 100644 index fd276d8..0000000 --- a/qooxdoo/source/perl/CGI/Session/Serialize/yaml.pm +++ /dev/null @@ -1,67 +0,0 @@ -package CGI::Session::Serialize::yaml; - -use strict; -use CGI::Session::ErrorHandler; - -$CGI::Session::Serialize::yaml::VERSION = '4.20'; -@CGI::Session::Serialize::yaml::ISA = ( "CGI::Session::ErrorHandler" ); -our $Flavour; - -unless($Flavour) { - my $package = (grep { eval("use $_ (); 1;") } qw(YAML::Syck YAML))[0] - or die "Either YAML::Syck or YAML are required to use ", __PACKAGE__; - $Flavour = $package; -} - -sub freeze { - my ($self, $data) = @_; - return $Flavour->can('Dump')->($data); -} - - -sub thaw { - my ($self, $string) = @_; - return ($Flavour->can('Load')->($string))[0]; -} - -1; - -__END__; - -=pod - -=head1 NAME - -CGI::Session::Serialize::yaml - serializer for CGI::Session - -=head1 DESCRIPTION - -This library can be used by CGI::Session to serialize session data. It uses -L<YAML|YAML>, or the faster C implementation, L<YAML::Syck|YAML::Syck> -if it is available. YAML serializers exist not just for Perl but also other -dynamic languages, such as PHP, Python, and Ruby, so storing session data -in this format makes it easy to share session data across different languages. - -YAML is made to be friendly for humans to parse as well as other computer -languages. It creates a format that is easier to read than the default -serializer. - -=head1 METHODS - -=over 4 - -=item freeze($class, \%hash) - -Receives two arguments. First is the class name, the second is the data to be serialized. Should return serialized string on success, undef on failure. Error message should be set using C<set_error()|CGI::Session::ErrorHandler/"set_error()"> - -=item thaw($class, $string) - -Received two arguments. First is the class name, second is the I<YAML> data string. Should return thawed data structure on success, undef on failure. Error message should be set using C<set_error()|CGI::Session::ErrorHandler/"set_error()"> - -=back - -=head1 SEE ALSO - -L<CGI::Session>, L<YAML>, L<YAML::Syck>. - -=cut diff --git a/qooxdoo/source/perl/CGI/Session/Test/Default.pm b/qooxdoo/source/perl/CGI/Session/Test/Default.pm deleted file mode 100644 index 5eca1a3..0000000 --- a/qooxdoo/source/perl/CGI/Session/Test/Default.pm +++ /dev/null @@ -1,426 +0,0 @@ -package CGI::Session::Test::Default; - -use strict; -use Carp; -use Test::More (); -use Data::Dumper; -use Scalar::Util "refaddr"; - -our $AUTOLOAD; -our $CURRENT; -sub ok_later (&;$); - - -$CGI::Session::Test::Default::VERSION = '4.20'; - -=head1 CGI::Session::Test::Default - -Run a suite of tests for a given CGI::Session::Driver - -=head2 new() - - my $t = CGI::Session::Test::Default->new( - # These are all optional, with default as follows - dsn => "driver:file", - args => undef, - tests => 77, - ); - -Create a new test object, possibly overriding some defaults. - -=cut - -sub new { - my $class = shift; - my $self = bless { - dsn => "driver:file", - args => undef, - tests => 101, - test_number => 0, - @_ - }, $class; - - if($self->{skip}) { - $self->{_skip} = { map { $_ => $_ } @{$self->{skip}} }; - } else { - $self->{_skip} = {}; - } - - return $self; -} - -=head2 number_of_tests() - - my $new_num = $t->number_of_tests($new_num); - -A setter/accessor method to affect the number of tests to run, -after C<new()> has been called and before C<run()>. - -=cut - -sub number_of_tests { - my $self = shift; - - if ( @_ ) { - $self->{tests} = $_[0]; - } - - return $self->{tests}; -} - -=head2 run() - - $t->run(); - -Run the test suite. See C<new()> for setting related options. - -=cut - -sub run { - my $self = shift; - - $CURRENT = $self; - use_ok("CGI::Session", "CGI::Session loaded successfully!"); - - my $sid = undef; - FIRST: { - ok(1, "=== 1 ==="); - my $session = CGI::Session->load() or die CGI::Session->errstr; - ok($session, "empty session should be created"); - ok(!$session->id); - ok($session->is_empty); - ok(!$session->is_expired); - - undef $session; - - $session = CGI::Session->new($self->{dsn}, '_DOESN\'T EXIST_', $self->{args}) or die CGI::Session->errstr; - ok( $session, "Session created successfully!"); - - # - # checking if the driver object created is really the driver requested: - # - my $dsn = $session->parse_dsn( $self->{dsn} ); - ok( ref $session->_driver eq "CGI::Session::Driver::" . $dsn->{driver}, ref $dsn->{Driver} ); - - ok( $session->ctime && $session->atime, "ctime & atime are set"); - ok( $session->atime == $session->ctime, "ctime == atime"); - ok( !$session->etime, "etime not set yet"); - - ok( $session->id, "session id is " . $session->id); - - $session->param('author', "Sherzod Ruzmetov"); - $session->param(-name=>'emails', -value=>['sherzodr@cpan.org', 'sherzodr@handalak.com']); - $session->param('blogs', { - './lost+found' => 'http://author.handalak.com/', - 'Yigitlik sarguzashtlari' => 'http://author.handalak.com/uz/' - }); - - ok( ($session->param) == 3, "session holds 3 params" . scalar $session->param ); - ok( $session->param('author') eq "Sherzod Ruzmetov", "My name's correct!"); - - ok( ref ($session->param('emails')) eq 'ARRAY', "'emails' holds list of values" ); - ok( @{ $session->param('emails') } == 2, "'emails' holds list of two values"); - ok( $session->param('emails')->[0] eq 'sherzodr@cpan.org', "first value of 'emails' is correct!"); - ok( $session->param('emails')->[1] eq 'sherzodr@handalak.com', "second value of 'emails' is correct!"); - - ok( ref( $session->param('blogs') ) eq 'HASH', "'blogs' holds a hash"); - ok( $session->param('blogs')->{'./lost+found'} eq 'http://author.handalak.com/', "first blog is correct"); - ok( $session->param('blogs')->{'Yigitlik sarguzashtlari'} eq 'http://author.handalak.com/uz/', "second blog is correct"); - - $sid = $session->id; - $session->flush(); - } - - sleep(1); - - SECOND: { - SKIP: { - ok(1, "=== 2 ==="); - my $session; - eval { $session = CGI::Session->load($self->{dsn}, $sid, $self->{args}) }; - - if ($@ || CGI::Session->errstr) { - Test::More::skip("couldn't load session, bailing out: SQLite/Storable support is TODO", 56); - } - - is($@.CGI::Session->errstr,'','survived eval without error.'); - ok($session, "Session was retrieved successfully"); - ok(!$session->is_expired, "session isn't expired yet"); - - is($session->id,$sid, "session IDs are consistent"); - ok($session->atime > $session->ctime, "ctime should be older than atime"); - ok(!$session->etime, "etime shouldn't be set yet"); - - ok( ($session->param) == 3, "session should hold params" ); - ok( $session->param('author') eq "Sherzod Ruzmetov", "my name's correct"); - - ok( ref ($session->param('emails')) eq 'ARRAY', "'emails' should hold list of values" ); - ok( @{ $session->param('emails') } == 2, "'emails' should hold list of two values"); - ok( $session->param('emails')->[0] eq 'sherzodr@cpan.org', "first value is correct!"); - ok( $session->param('emails')->[1] eq 'sherzodr@handalak.com', "second value is correct!"); - - ok( ref( $session->param('blogs') ) eq 'HASH', "'blogs' holds a hash"); - ok( $session->param('blogs')->{'./lost+found'} eq 'http://author.handalak.com/', "first blog is correct!"); - ok( $session->param('blogs')->{'Yigitlik sarguzashtlari'} eq 'http://author.handalak.com/uz/', "second blog is correct!"); - - # TODO: test many any other variations of expire() syntax - $session->expire('+1s'); - ok($session->etime == 1, "etime set to 1 second"); - - $session->expire("+1m"); - ok($session->etime == 60, "etime set to one minute"); - - $session->expires("2h"); - ok($session->etime == 7200, "etime set to two hours"); - - $session->expires("5d"); - ok($session->etime == 432000, "etime set to 5 days"); - - $session->expires("-10s"); - ok($session->etime == -10, "etime set to 10 seconds in the past"); - - # - # Setting the expiration time back to 1s, so that subsequent tests - # relying on this value pass - # - $session->expire("1s"); - ok($session->etime == 1, "etime set back to one second"); - eval { $session->close(); }; - is($@, '', 'calling close method survives eval'); - } - } - - sleep(1); # <-- letting the time tick - - my $driver; - THREE: { - ok(1, "=== 3 ==="); - my $session = CGI::Session->load($self->{dsn}, $sid, $self->{args}) or die CGI::Session->errstr; - ok($session, "Session instance loaded "); - ok(!$session->id, "session doesn't have ID"); - ok($session->is_empty, "session is empty, which is the same as above"); - #print $session->dump; - ok($session->is_expired, "session was expired"); - ok(!$session->param('author'), "session data cleared"); - - sleep(1); - - $session = $session->new() or die CGI::Session->errstr; - #print $session->dump(); - ok($session, "new session created"); - ok($session->id, "session has id :" . $session->id ); - ok(!$session->is_expired, "session isn't expired"); - ok(!$session->is_empty, "session isn't empty"); - ok($session->atime == $session->ctime, "access and creation times are same"); - - ok($session->id ne $sid, "it's a completely different session than above"); - - $driver = $session->_driver(); - $sid = $session->id; - } - - - - FOUR: { - # We are intentionally removing the session stored in the datastore and will be requesting - # re-initialization of that id. This test is necessary since I noticed weird behaviors in - # some of my web applications that kept creating new sessions when the object requested - # wasn't in the datastore. - ok(1, "=== 4 ==="); - - ok($driver->remove( $sid ), "Session '$sid' removed from datastore successfully"); - - my $session = CGI::Session->new($self->{dsn}, $sid, $self->{args} ) or die CGI::Session->errstr; - ok($session, "session object created successfully"); - ok($session->id ne $sid, "claimed ID ($sid) couldn't be recovered. New ID is: " . $session->id); - $sid = $session->id; - } - - - - FIVE: { - ok(1, "=== 5 ==="); - my $session = CGI::Session->new($self->{dsn}, $sid, $self->{args}) or die CGI::Session->errstr; - ok($session, "Session object created successfully"); - ok($session->id eq $sid, "claimed id ($sid) was recovered successfully!"); - - # Remove the object, finally! - $session->delete(); - } - - - SIX: { - ok(1, "=== 6 ==="); - my $session = CGI::Session->new($self->{dsn}, $sid, $self->{args}) or die CGI::Session->errstr; - ok($session, "Session object created successfully"); - ok($session->id ne $sid, "New object created, because previous object was deleted"); - $sid = $session->id; - - # - # creating a simple object to be stored into session - my $simple_class = SimpleObjectClass->new(); - ok($simple_class, "SimpleObjectClass created successfully"); - - $simple_class->name("Sherzod Ruzmetov"); - $simple_class->emails(0, 'sherzodr@handalak.com'); - $simple_class->emails(1, 'sherzodr@cpan.org'); - $simple_class->blogs('lost+found', 'http://author.handalak.com/'); - $simple_class->blogs('yigitlik', 'http://author.handalak.com/uz/'); - $session->param('simple_object', $simple_class); - - ok($session->param('simple_object')->name eq "Sherzod Ruzmetov"); - ok($session->param('simple_object')->emails(1) eq 'sherzodr@cpan.org'); - ok($session->param('simple_object')->blogs('yigitlik') eq 'http://author.handalak.com/uz/'); - - # - # creating an overloaded object to be stored into session - my $overloaded_class = OverloadedObjectClass->new("ABCDEFG"); - ok($overloaded_class, "OverloadedObjectClass created successfully"); - ok(overload::Overloaded($overloaded_class) , "OverloadedObjectClass is properly overloaded"); - ok(ref ($overloaded_class) eq "OverloadedObjectClass", "OverloadedObjectClass is an object"); - $session->param("overloaded_object", $overloaded_class); - - ok($session->param("overloaded_object") eq "ABCDEFG"); - - my $simple_class2 = SimpleObjectClass->new(); - ok($simple_class2, "SimpleObjectClass created successfully"); - - $simple_class2->name("Sherzod Ruzmetov"); - $simple_class2->emails(0, 'sherzodr@handalak.com'); - $simple_class2->emails(1, 'sherzodr@cpan.org'); - $simple_class2->blogs('lost+found', 'http://author.handalak.com/'); - $simple_class2->blogs('yigitlik', 'http://author.handalak.com/uz/'); - my $embedded = OverloadedObjectClass->new("Embedded"); - $session->param("embedded_simple_and_overloaded",[ undef, $simple_class2, $embedded, $embedded ]); - - ok(!defined($session->param("embedded_simple_and_overloaded")->[0]),"First element of anonymous array undef"); - - ok($session->param("embedded_simple_and_overloaded")->[1]->name eq "Sherzod Ruzmetov"); - ok($session->param("embedded_simple_and_overloaded")->[1]->emails(1) eq 'sherzodr@cpan.org'); - ok($session->param("embedded_simple_and_overloaded")->[1]->blogs('yigitlik') eq 'http://author.handalak.com/uz/'); - - ok($session->param("embedded_simple_and_overloaded")->[2] eq "Embedded"); - - ok(refaddr($session->param("embedded_simple_and_overloaded")->[2]) == refaddr($session->param("embedded_simple_and_overloaded")->[3] ), - "Overloaded objects have matching addresses"); - } - - - SEVEN: { - ok(1, "=== 7 ==="); - my $session = CGI::Session->new($self->{dsn}, $sid, $self->{args}) or die CGI::Session->errstr; - ok($session, "Session object created successfully"); - ok($session->id eq $sid, "Previously stored object loaded successfully"); - - - my $simple_object = $session->param("simple_object"); - ok(ref $simple_object eq "SimpleObjectClass", "SimpleObjectClass loaded successfully"); - - my $dsn = CGI::Session->parse_dsn($self->{dsn}); - ok_later { $simple_object->name eq "Sherzod Ruzmetov" }; - ok_later { $simple_object->emails(1) eq 'sherzodr@cpan.org' }; - ok_later { $simple_object->emails(0) eq 'sherzodr@handalak.com' }; - ok_later { $simple_object->blogs('lost+found') eq 'http://author.handalak.com/' }; - ok(ref $session->param("overloaded_object") ); - ok($session->param("overloaded_object") eq "ABCDEFG", "Object is still overloaded"); - ok(overload::Overloaded($session->param("overloaded_object")), "Object is really overloaded"); - - ok(!defined($session->param("embedded_simple_and_overloaded")->[0]),"First element of anonymous array undef"); - - my $simple_object2 = $session->param("embedded_simple_and_overloaded")->[1]; - ok(ref $simple_object2 eq "SimpleObjectClass", "SimpleObjectClass loaded successfully"); - - ok_later { $simple_object2->name eq "Sherzod Ruzmetov" }; - ok_later { $simple_object2->emails(1) eq 'sherzodr@cpan.org' }; - ok_later { $simple_object2->emails(0) eq 'sherzodr@handalak.com' }; - ok_later { $simple_object2->blogs('lost+found') eq 'http://author.handalak.com/' }; - - - ok($session->param("embedded_simple_and_overloaded")->[2] eq "Embedded"); - ok(overload::Overloaded($session->param("embedded_simple_and_overloaded")->[2]), "Object is really overloaded"); - - ok(refaddr($session->param("embedded_simple_and_overloaded")->[2]) == refaddr($session->param("embedded_simple_and_overloaded")->[3]), - "Overloaded objects have matching addresses"); - $session->delete(); - } - - $CURRENT = undef; - $self->{test_number} = 0; -} - -sub skip_or_run { - my $test = shift; - - $CURRENT->{test_number} ++; - - SKIP: { - if($CURRENT->{_skip}->{$CURRENT->{test_number}}) { - Test::More::skip("Test does not apply to this setup.", 1); - } - - no strict 'refs'; - &{"Test::More::$test"}(@_); - } -} - -sub ok { skip_or_run("ok", @_); } -sub use_ok { skip_or_run("use_ok", @_); } -sub is { skip_or_run("is", @_); } - -sub ok_later (&;$) { - my($code, $name) = @_; - - $CURRENT->{test_number} ++; - $name = '' unless $name; - - SKIP: { - if($CURRENT->{_skip}->{$CURRENT->{test_number}}) { - Test::More::skip("Test does not apply to this setup.", 1); - fail($name); - } else { - Test::More::ok($code->(), $name); - } - } -} - -sub DESTROY { 1; } - - -package SimpleObjectClass; -use strict; -use Class::Struct; - -struct ( - name => '$', - emails => '@', - blogs => '%' -); - - - -package OverloadedObjectClass; - -use strict; -use overload ( - '""' => \&as_string, - 'eq' => \&equals -); - -sub new { - return bless { - str_value => $_[1] - }, $_[0]; -} - - -sub as_string { - return $_[0]->{str_value}; -} - -sub equals { - my ($self, $arg) = @_; - - return ($self->as_string eq $arg); -} - -1; diff --git a/qooxdoo/source/perl/CGI/Session/Tutorial.pm b/qooxdoo/source/perl/CGI/Session/Tutorial.pm deleted file mode 100644 index 9b21dc3..0000000 --- a/qooxdoo/source/perl/CGI/Session/Tutorial.pm +++ /dev/null @@ -1,357 +0,0 @@ -package CGI::Session::Tutorial; - -# $Id: Tutorial.pm 351 2006-11-24 14:16:50Z markstos $ - -$CGI::Session::Tutorial::VERSION = '4.20'; - -=pod - -=head1 NAME - -CGI::Session::Tutorial - Extended CGI::Session manual - -=head1 STATE MAINTENANCE OVERVIEW - -Since HTTP is a stateless protocol, each subsequent click to a web site is treated as new request by the Web server. The server does not relate a visit with a previous one, thus all the state information from the previous requests are lost. This makes creating such applications as shopping carts, web sites requiring users to authenticate, impossible. So people had to do something about this despair situation HTTP was putting us in. - -For our rescue come such technologies as I<HTTP Cookies> and I<QUERY_STRING>s that help us save the users' session for a certain period. Since I<HTTP Cookies> and I<QUERY_STRING>s alone cannot take us too far (B<RFC 2965, Section 5, "Implementation Limitations">), several other libraries have been developed to extend their capabilities and promise a more reliable solution. L<CGI::Session|CGI::Session> is one of them. - -Before we discuss this library, let's look at some alternative solutions. - -=head2 COOKIE - -Cookie is a piece of text-information that a web server is entitled to place in the user's hard disk, assuming a user agent (such as Internet Explorer, Mozilla, etc) is compatible with the specification. After the cookie is placed, user agents are required to send these cookies back to the server as part of the HTTP request. This way the server application ( CGI, for example ) will have a way of relating previous requests by the same user agent, thus overcoming statelessness of HTTP. - -Although I<HTTP Cookies> seem to be promising solution for the statelessness of HTTP, they do carry certain limitations, such as limited number of cookies per domain and per user agent and limited size on each cookie. User Agents are required to store at least 300 cookies at a time, 20 cookies per domain and allow 4096 bytes of storage for each cookie. They also rise several Privacy and Security concerns, the lists of which can be found on the sections B<6-"Privacy"> and B<7-"Security Considerations"> of B<RFC 2965>. - -=head2 QUERY STRING - -Query string is a string appended to URL following a question mark (?) such as: - - http://my.dot.com/login.cgi?user=sherzodr;password=top-secret - -As you probably guessed, it can also help you pass state information from a click to another, but how secure is it do you think, considering these URLs tend to get cached by most of the user agents and also logged in the servers access log, to which everyone can have access. - -=head2 HIDDEN FIELDS - -Hidden field is another alternative to using query strings and they come in two flavors: hidden fields used in POST methods and the ones in GET. The ones used in GET methods will turn into a true query strings once submitted, so all the disadvantages of QUERY_STRINGs apply. Although POST requests do not have limitations of its sister-GET, the pages that hold them get cached by Web browser, and are available within the source code of the page (obviously). They also become unwieldily to manage when one has oodles of state information to keep track of ( for instance, a shopping cart or an advanced search engine). - -Query strings and hidden fields are also lost easily by closing the browser, or by clicking the browser's "Back" button. - -=head2 SERVER SIDE SESSION MANAGEMENT - -This technique is built upon the aforementioned technologies plus a server-side storage device, which saves the state data on the server side. Each session has a unique id associated with the data in the server. This id is also associated with the user agent either in the form of a I<HTTP Cookie>, a I<QUERY_STRING>, hidden field or any combination of the above. This is necessary to make the connection with the client and his data. - -Advantages: - -=over 4 - -=item * - -We no longer need to depend on User Agent constraints in cookie size. - -=item * - -Sensitive data no longer need to be traveling across the network at each request (which is the case with query strings, cookies and hidden fields). The only thing that travels is the unique id generated for the session (B<5767393932698093d0b75ef614376314>, for instance), which should make no sense to third parties. - -=item * - -User will not have sensitive data stored in his/her computer in unsecured file (which is a cookie file). - -=item * - -It's possible to handle very big and even complex data structures transparently (which I<HTTP Cookies> do not handle). - -=back - -That's what CGI::Session is all about - implementing server side session management. Now is a good time to get feet wet. - -=head1 PROGRAMMING STYLE - -Server side session management system might be seeming awfully convoluted if you have never dealt with it. Fortunately, with L<CGI::Session|CGI::Session> all the complexity is handled by the library transparently. This section of the manual can be treated as an introductory tutorial to both logic behind session management, and to CGI::Session programming style. - -All applications making use of server side session management rely on the following pattern of operation regardless of the way the system is implemented: - -=over 4 - -=item 1 - -Check if the user has session cookie dropped in his computer from previous request - -=item 2 - -If the cookie does not exist, create a new session identifier, and drop it as cookie to the user's computer. - -=item 3 - -If session cookie exists, read the session ID from the cookie and load any previously saved session data from the server side storage. If session had any expiration date set it's useful to re-drop the same cookie to the user's computer so its expiration time will be reset to be relative to user's last activity time. - -=item 4 - -Store any necessary data in the session that you want to make available for the next HTTP request. - -=back - -CGI::Session will handle all of the above steps. All you have to do is to choose what to store in the session. - -=head2 GETTING STARTED - -To make L<CGI::Session|CGI::Session>'s functionality available in your program do either of the following somewhere on top of your program file: - - use CGI::Session; - # or - require CGI::Session; - -Whenever you're ready to create a new session in your application, do the following: - - $session = new CGI::Session() or die CGI::Session->errstr; - -Above line will first try to re-initialize an existing session by consulting cookies and necessary QUERY_STRING parameters. If it fails will create a brand new session with a unique ID, which is normally called I<session ID>, I<SID> for short, and can be accessed through L<id()|CGI::Session/id()> - object method. - -We didn't check for any session cookies above, did we? No, we didn't, but CGI::Session did. It looked for a cookie called C<CGISESSID>, and if it found it tried to load existing session from server side storage (B<file> in our case). If cookie didn't exist it looked for a QUERY_STRING parameter called C<CGISESSID>. If all the attempts to recover session ID failed, it created a new session. - -NOTE: For the above syntax to work as intended your application needs to have write access to your computer's I<TEMPDIR> folder, which is usually F</tmp> in UNIX. If it doesn't, or if you wish to store this application's session files in a different place, you may pass the third argument like so: - - $session = new CGI::Session(undef, undef, {Directory=>'../tmp/sessions'}); - -Now it will store all the newly created sessions in (and will attempt to initialize requested sessions from) that folder. Don't worry if the directory hierarchy you want to use doesn't already exist. It will be created for you. For details on how session data are stored refer to L<CGI::Session::Driver::file|CGI::Session::Driver::file>, which is the default driver used in our above example. - -There is one small, but very important thing your application needs to perform after creating CGI::Session object as above. It needs to drop Session ID as an I<HTTP cookie> into the user's computer. CGI::Session will use this cookie to identify the user at his/her next request and will be able to load his/her previously stored session data. - -To make sure CGI::Session will be able to read your cookie at next request you need to consult its C<name()> method for cookie's suggested name: - - $cookie = $query->cookie( -name => $session->name, - -value => $session->id ); - print $query->header( -cookie=>$cookie ); - -C<name()> returns C<CGISESSID> by default. If you prefer a different cookie name, you can change it as easily too, but you have to do it before CGI::Session object is created: - - CGI::Session->name("SID"); - $session = new CGI::Session(); - -Baking the cookie wasn't too difficult, was it? But there is an even easier way to send a cookie using CGI::Session: - - print $session->header(); - -The above will create the cookie using L<CGI::Cookie|CGI::Cookie> and will return proper http headers using L<CGI.pm|CGI>'s L<CGI|CGI/header()> method. Any arguments to L<CGI::Session|CGI::Session/header()> will be passed to L<CGI::header()|CGI/header()>. - -Of course, this method of initialization will only work if client is accepting cookies. If not you would have to pass session ID in each URL of your application as QUERY_STRING. For CGI::Session to detect it the name of the parameter should be the same as returned by L<name()|CGI::Session/name()>: - - printf ("<a href=\"$ENV{SCRIPT_NAME}?%s=%s\">click me</a>", $session->name, $session->id); - -If you already have session id to be initialized you may pass it as the only argument, or the second argument of multi-argument syntax: - - $session = new CGI::Session( $sid ); - $session = new CGI::Session( "serializer:freezethaw", $sid ); - $session = new CGI::Session( "driver:mysql", $sid, {Handle=>$dbh} ); - -By default CGI::Session uses standard L<CGI|CGI> to parse queries and cookies. If you prefer to use a different, but compatible object you can pass that object in place of $sid: - - $cgi = new CGI::Simple(); - $session = new CGI::Session ( $cgi ); - $session = new CGI::Session( "driver:db_file;serializer:storable", $cgi); - # etc - -See L<CGI::Simple|CGI::Simple> - -=head2 STORING DATA - -L<CGI::Session|CGI::Session> offers L<param() method|CGI::Session/param()>, which behaves exactly as L<CGI.pm's param()|CGI/param()> with identical syntax. L<param()|CGI::Session/param()> is used for storing data in session as well as for accessing already stored data. - -Imagine your customer submitted a login form on your Web site. You, as a good host, wanted to remember the guest's name, so you can a) greet him accordingly when he visits your site again, or b) to be helpful by filling out I<user name> part of his login form, so the customer can jump right to the I<password> field without having to type his username again. - - my $name = $cgi->param('username'); - $session->param('username', $name); - -Notice, we're grabbing I<username> value of the field using CGI.pm's (or another compatible library's) C<param()> method, and storing it in session using L<CGI::Session|CGI::Session>'s L<param()|CGI::Session/param()> method. - -If you have too many stuff to transfer into session, you may find yourself typing the above code over and over again. I've done it, and believe me, it gets very boring too soon, and is also error-prone. So we introduced the following handy method: - - $session->save_param(['name']); - -If you wanted to store multiple form fields just include them all in the second list: - - $session->save_param(['name', 'email']); - -If you want to store all the available I<QUERY_STRING> parameters you can omit the arguments: - - $session->save_param(); - -See L<save_param()|CGI::Session/save_param> for more details. - -When storing data in the session you're not limited to strings. You can store arrays, hashes and even most objects. You will need to pass them as references (except objects). - -For example, to get all the selected values of a scrolling list and store it in the session: - - my @fruits = $cgi->param('fruits'); - $session->param('fruits', \@fruits); - -For parameters with multiple values save_param() will do the right thing too. So the above is the same as: - - $session->save_param($cgi, ['fruits']); - -All the updates to the session data using above methods will not reflect in the data store until your application exits, or C<$session> goes out of scope. If, for some reason, you need to commit the changes to the data store before your application exits you need to call L<flush()|CGI::Session/flush()> method: - - $session->flush(); - -I've written a lot of code, and never felt need for using C<flush()> method, since CGI::Session calls this method at the end of each request. There are, however, occasions I can think of one may need to call L<flush()|CGI::Session/flush()>. - -=head2 ACCESSING STORED DATA - -There's no point of storing data if you cannot access it. You can access stored session data by using the same L<param() method|CGI::Session/param()> you once used to store them. Remember the Username field from the previous section that we stored in the session? Let's read it back so we can partially fill the Login form for the user: - - $name = $session->param("name"); - printf "<input type=\"text\" name=\"name\" value=\"%s\" />", $name; - -To retrieve previously stored @fruits do not forget to de reference it: - - @fruits = @{ $session->param('fruits') }; - -Very frequently, you may find yourself having to create pre-filled and pre-selected forms, like radio buttons, checkboxes and drop down menus according to the user's preferences or previous action. With text and textareas it's not a big deal - you can simply retrieve a single parameter from the session and hard code the value into the text field. But how would you do it when you have a group of radio buttons, checkboxes and scrolling lists? For this purpose, CGI::Session provides L<load_param()|CGI::Session/load_param()> method, which loads given session parameters to a CGI object (assuming they have been previously saved with L<save_param()|CGI::Session/save_param()> or alternative): - - $session->load_param($cgi, ["fruits"]); - -Now when you say: - - print $cgi->checkbox_group(fruits=>['apple', 'banana', 'apricot']); - -See L<load_param()|CGI::Session/load_param()> for details. - -Generated checkboxes will be pre-filled using previously saved information. To see example of a real session-powered application consider http://handalak.com/cgi-bin/subscriptions.cgi - -If you're making use of L<HTML::Template|HTML::Template> to separate the code from the skin, you can as well associate L<CGI::Session|CGI::Session> object with HTML::Template and access all the parameters from within HTML files. We love this trick! - - $template = new HTML::Template(filename=>"some.tmpl", associate=>$session); - print $template->output(); - -Assuming the session object stored "first_name" and "email" parameters while being associated with HTML::Template, you can access those values from within your "some.tmpl" file now: - - Hello <a href="mailto:<TMPL_VAR email>"> <TMPL_VAR first_name> </a>! - -See L<HTML::Template's online manual|HTML::Template> for details. - -=head2 CLEARING SESSION DATA - -You store session data, you access session data and at some point you will want to clear certain session data, if not all. For this purpose L<CGI::Session|CGI::Session> provides L<clear()|CGI::Session/clear()> method which optionally takes one argument as an arrayref indicating which session parameters should be deleted from the session object: - - $session->clear(["~logged-in", "email"]); - -Above line deletes "~logged-in" and "email" session parameters from the session. And next time you say: - - $email = $session->param("email"); - -it returns undef. If you omit the argument to L<clear()|CGI::Session/clear()>, be warned that all the session parameters you ever stored in the session object will get deleted. Note that it does not delete the session itself. Session stays open and accessible. It's just the parameters you stored in it gets deleted - -See L<clear()|CGI::Session/clear()> for details. - -=head2 DELETING A SESSION - -If there's a start there's an end. If session could be created, it should be possible to delete it from the disk for good: - - $session->delete(); - -The above call to L<delete()|CGI::Session/delete()> deletes the session from the disk for good. Do not confuse it with L<clear()|CGI::Session/clear()>, which only clears certain session parameters but keeps the session open. - -See L<delete()|CGI::Session/delete()> for details. - -=head2 EXPIRATION - -L<CGI::Session|CGI::Session> provides limited means to expire sessions. Expiring a session is the same as deleting it via delete(), but deletion takes place automatically. To expire a session, you need to tell the library how long the session would be valid after the last access time. When that time is met, CGI::Session refuses to retrieve the session. It deletes the session and returns a brand new one. To assign expiration ticker for a session, use L<expire()|CGI::Session/expire()>: - - $session->expire(3600); # expire after 3600 seconds - $session->expire('+1h'); # expire after 1 hour - $session->expire('+15m'); # expire after 15 minutes - $session->expire('+1M'); # expire after a month and so on. - -When session is set to expire at some time in the future, but session was not requested at or after that time has passed it will remain in the disk. When expired session is requested CGI::Session will remove the data from disk, and will initialize a brand new session. - -See L<expire()|CGI::Session/expire()> for details. - -Before CGI::Session 4.x there was no way of intercepting requests to expired sessions. CGI::Session 4.x introduced new kind of constructor, L<load()|CGI::Session/load()>, which is identical in use to L<new()|CGI::Session/new()>, but is not allowed to create sessions. It can only load them. If session is found to be expired, or session does not exist it will return an empty CGI::Session object. And if session is expired, in addition to being empty, its status will also be set to expired. You can check against these conditions using L<empty()|CGI::Session/empty()> and L<is_expired()|CGI::Session/is_expired()> methods. If session was loaded successfully object returned by C<load()> is as good a session as the one returned by C<new()>: - - $session = CGI::Session->load() or die CGI::Session->errstr; - if ( $session->is_expired ) { - die "Your session expired. Please refresh your browser to re-start your session"; - } - if ( $session->is_empty ) { - $session = $session->new(); - } - -Above example is worth an attention. Remember, all expired sessions are empty sessions, but not all empty sessions are expired sessions. Following this rule we have to check with C<is_expired()> before checking with C<is_empty()>. There is another thing about the above example. Notice how its creating new session when un existing session was requested? By calling C<new()> as an object method! Handy thing about that is, when you call C<new()> on a session object new object will be created using the same configuration as the previous object. - -For example: - - $session = CGI::Session->load("driver:mysql;serializer:storable", undef, {Handle=>$dbh}); - if ( $session->is_expired ) { - die "Your session is expired. Please refresh your browser to re-start your session"; - } - if ( $session->is_empty ) { - $session = $session->new(); - } - -Initial C<$session> object was configured with B<mysql> as the driver, B<storable> as the serializer and B<$dbh> as the database handle. Calling C< new() > on this object will return an object of the same configuration. So C< $session > object returned from C< new() > in the above example will use B<mysql> as the driver, B<storable> as the serializer and B<$dbh> as the database handle. - -See L<is_expired()|CGI::Session/is_expired()>, L<is_empty()|CGI::Session/is_empty()>, L<load()|CGI::Session/load()> for details. - -Sometimes it makes perfect sense to expire a certain session parameter, instead of the whole session. I usually do this in my login enabled sites, where after the user logs in successfully, I set his/her "_logged_in" session parameter to true, and assign an expiration ticker on that flag to something like 30 minutes. It means, after 30 idle minutes CGI::Session will L<clear|CGI::Session/clear()> "_logged_in" flag, indicating the user should log in over again. I agree, the same effect can be achieved by simply expiring() the session itself, but by doing this we would loose other session parameters, such as user's shopping cart, session-preferences and the like. - -This feature can also be used to simulate layered authentication, such as, you can keep the user's access to his/her personal profile information for as long as 60 minutes after a successful login, but expire his/her access to his credit card information after 5 idle minutes. To achieve this effect, we will use L<expire()|CGI::Session/expire()> method again: - - $session->expire(_profile_access, '1h'); - $session->expire(_cc_access, '5m'); - -With the above syntax, the person will still have access to his personal information even after 5 idle hours. But when he tries to access or update his/her credit card information, he may be displayed a "login again, please" screen. - -See L<expire()|CGI::Session/expire()> for details. - -This concludes our discussion of CGI::Session programming style. The rest of the manual covers some L<"SECURITY"> issues. Driver specs from the previous manual were moved to L<CGI::Session::Driver|CGI::Session::Driver>. - -=head1 SECURITY - -"How secure is using CGI::Session?", "Can others hack down people's sessions using another browser if they can get the session id of the user?", "Are the session ids easy to guess?" are the questions I find myself answering over and over again. - -=head2 STORAGE - -Security of the library does in many aspects depend on the implementation. After making use of this library, you no longer have to send all the information to the user's cookie except for the session id. But, you still have to store the data in the server side. So another set of questions arise, can an evil person get access to session data in your server, even if he does, can he make sense out of the data in the session file, and even if he can, can he reuse the information against a person who created that session. As you see, the answer depends on yourself who is implementing it. - -=over 4 - -=item * - -First rule of thumb, do not store users' passwords or other sensitive data in the session, please. If you have to, use one-way encryption, such as md5, or SHA-1-1. For my own experience I can assure you that in properly implemented session-powered Web applications there is never a need for it. - -=item * - -Default configuration of the driver makes use of L<Data::Dumper|Data::Dumper> class to serialize data to make it possible to save it in the disk. Data::Dumper's result is a human readable data structure, which, if opened, can be interpreted easily. If you configure your session object to use either L<Storable|CGI::Session::Serialize::storable> or L<FreezeThaw|CGI::Session::Serialize::freezethaw> as a serializer, this would make it more difficult for bad guys to make sense out of session data. But don't use this as the only precaution. Since evil fingers can type a quick program using L<Storable|Storable> or L<FreezeThaw|FreezeThaw> to decipher session files very easily. - -=item * - -Do not allow anyone to update contents of session files. If you're using L<default serializer|CGI::Session::Serialize::default> serialized data string needs to be eval()ed to bring the original data structure back to life. Of course, we use L<Safe|Safe> to do it safely, but your cautiousness does no harm either. - -=item * - -Do not keep sessions open for very long. This will increase the possibility that some bad guy may have someone's valid session id at a given time (acquired somehow). To do this use L<expire()|CGI::Session/expire()> method to set expiration ticker. The more sensitive the information on your Web site is, the sooner the session should be set to expire. - -=back - -=head2 SESSION IDs - -Session ids are not easily guessed (unless you're using L<incr ID generator|CGI::Session::ID::incr>)! Default configuration of CGI::Session uses L<Digest::MD5|CGI::Session::ID::md5> to generate random, 32 character long identifier. Although this string cannot be guessed as easily by others, if they find it out somehow, can they use this identifier against the other person? - -Consider the scenario, where you just give someone either via email or an instant messaging a link to a Web site where you're currently logged in. The URL you give to that person contains a session id as part of a query string. If the site was initializing the session solely using query string parameter, after clicking on that link that person now appears to that site as you, and might have access to all of your private data instantly. - -Even if you're solely using cookies as the session id transporters, it's not that difficult to plant a cookie in the cookie file with the same id and trick the web browser to send that particular session id to the server. So key for security is to check if the person who's asking us to retrieve a session data is indeed the person who initially created the session data. - -One way to help with this is by also checking that the IP address that the session is being used from is always same. However, this turns out not to be practical in common cases because some large ISPs (such as AOL) use proxies which cause each and every request from the same user to come from different IP address. - -If you have an application where you are sure your users' IPs are constant during a session, you can consider enabling an option to make this check: - - use CGI::Session ( '-ip_match' ); - -For backwards compatibility, you can also achieve this by setting $CGI::Session::IP_MATCH to a true value. This makes sure that before initializing a previously stored session, it checks if the ip address stored in the session matches the ip address of the user asking for that session. In which case the library returns the session, otherwise it dies with a proper error message. - -=head1 LICENSING - -For support and licensing see L<CGI::Session|CGI::Session> - -=cut |