[sword-devel] installmgr (and xiphos) crashes (svn 2831)
greg.hellings at gmail.com
Wed Jun 26 06:55:37 MST 2013
On Wed, Jun 26, 2013 at 8:35 AM, Jaak Ristioja <jaak at ristioja.ee> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 26.06.2013 16:25, Greg Hellings wrote:
> > bserver directory listing output (which is what I think it does).
> > V E R Y V E R Y B A D P R A C T I C E ! ! !
> > Parsing server output is bad practice? How in the world did you
> > reach that over-zealous conclusion?
> > --Greg
> I didn't. It is not safe to assume that web servers provide similar
> output for directory listings. They might even do AJAX or something
> which might only be reasonably interpreted by human (if at all:).
> Example: The current code doesn't work when links start with
> <a id="x" href="
> because it only searches for "<a href=". Even parsing the HTML
> properly would not be enough in some cases.
This is different than "V E R Y V E R Y B A D P R A C T I C E ! ! !"
Since the code was originally written and presented with the caveat that it
only works on the default Apache listings and has only been tested against
CrossWire and we make no guarantees about it working elsewhere (although I
have successfully used it on my own default Apache install), it is far from
the horrible practice you make it out to be.
> Therefore, it is not reasonable to try to parse the directory listing
> output of the webserver. Instead, better mechanisms should be used,
> e.g. custom-format index files, e.g. with a format like "one
> filename/URL per line, separated by '\n' characters.". Sword would
> just need to download a single file (instead of the webserver
> directory output listing), and parse that.
It is by design that we do not require this behavior. Some people wanted
it, as it would do exactly as you say, but one of the goals of the
FTPTransport is to make a minimum barrier to entry. As such, it requires
nothing more than pointing an FTP server at the root of a directory it has
read access to. Likewise the same requirement was placed on an HTTPTranport
(which was initially only put together by Nic because FTP was impossible
from iOS devices). We talked about having an index file like you suggest,
about requiring WebDAV, or something similar. But the choice was made for
simplicity (plus, it was "good enough" to fulfill the requirements of
PocketSword being unable to leverage FTP).
Now our list has expanded to include FTP, HTTP, HTTPS and SFTP. Everyone
agrees that the HTTP parsing is very much not ideal, but it does what it
needs to, and if you would like to improve it to do so better, you're free
to put in patches. I've made the patches for HTTPS and SFTP in the interest
of Wycliffe's requirements for security and access control. However, the
SFTP patch exposed an issue with our assumption of username-password
authentication techniques as it will also attempt private key
authentication if no username-password are given, but we have no way of
specifying the private key with the current InstallMgr configuration system
so it will only try for ~/.ssh/id_rsa.pub.
If you would like to improve it, without breaking PocketSword's reliance on
the functionality, feel free to submit patches.
> This is much easier to parse and handle error conditions, no need to
> try to interpret HTML, filter links etc...
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.20 (GNU/Linux)
> -----END PGP SIGNATURE-----
> sword-devel mailing list: sword-devel at crosswire.org
> Instructions to unsubscribe/change your settings at above page
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the sword-devel