This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: PATCH gnatsweb.pl wrt to optimization/9086: Missing attachmentfor #9085

From: Segher Boessenkool <segher at koffie dot nl>
To: Gerald Pfeifer <pfeifer at dbai dot tuwien dot ac dot at>
Cc: Jeroen van Bemmel <j dot vanbemmel at home dot nl>, gcc-patches at gcc dot gnu dot org,Neil Booth <neil at daikokuya dot co dot uk>, gcc-bugs at gcc dot gnu dot org
Date: Tue, 31 Dec 2002 04:22:36 +0100
Subject: Re: PATCH gnatsweb.pl wrt to optimization/9086: Missing attachmentfor #9085
References: <20021228215240.7043.qmail@sources.redhat.com> <20021228220152.GA12300@daikokuya.co.uk> <Pine.BSF.4.51.0212291913291.90520@pulcherrima.dbai.tuwien.ac.at> <000701c2af68$9538c360$377c78d4@CC68271A> <Pine.BSF.4.51.0212292029140.90520@pulcherrima.dbai.tuwien.ac.at>

Gerald Pfeifer wrote:
> 
> On Sun, 29 Dec 2002, Jeroen van Bemmel wrote:
> > Yes, that might help a bit. But I'm sure there are other situations where
> > 'submit' detects something wrong,
> 
> Yes, you're right.
> 
> > can you patch those too?
> 
> Given that we want to switch froM GNATS to Bugzilla in the very near
> future

[snip]

Bugzilla suffers from the same problem.  Once your web browser changes
from URL, it forgets about file attachments you set in a form (and all
other values you set in the form), and rightfully so, because of
security considerations (or at least it should!)
If the server-side script detects problems with the form, it can present
the form to the user again, with the values it already received filled
in as default values, but not so for file attachments (security again).

One thing that could be done about this is providing client-side
pre-validation of the form when pressing submit (via javascript or such);
another possibility is making it a two-step submit process, asking the
user for file attachments _after_ the server decides the rest of the form
is okay.  Always keeping in mind not every user has javascript, of course.

The third and easiest solution would be adding a field "number of attachments"
and having the server-side complain and the user rectify the problem
if this number is inconsistent with the actual received attachments.  A simple
flag "with attachments" might be enough, too.
I recommend this solution, as it's probably the most robust, and quite easy to
implement, too.  Sorry, no patch; I would have no way of testing it.

Web "applications" suck ;)

Segher

Follow-Ups:
- Re: PATCH gnatsweb.pl wrt to optimization/9086: Missing attachmentfor #9085
  - From: Jeroen van Bemmel

References:
- PATCH gnatsweb.pl wrt to optimization/9086: Missing attachment for#9085
  - From: Gerald Pfeifer
- Re: PATCH gnatsweb.pl wrt to optimization/9086: Missing attachment for #9085
  - From: Jeroen van Bemmel
- Re: PATCH gnatsweb.pl wrt to optimization/9086: Missing attachmentfor #9085
  - From: Gerald Pfeifer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]