[squeak-dev] The Inbox: WebClient-Help-hjh.12.mcz

Tobias Pape Das.Linux at gmx.de
Thu Mar 21 08:22:49 UTC 2019


> On 21.03.2019, at 09:17, commits at source.squeak.org wrote:
> 
> A new version of WebClient-Help was added to project The Inbox:
> http://source.squeak.org/inbox/WebClient-Help-hjh.12.mcz
> 
> ==================== Summary ====================
> 
> Name: WebClient-Help-hjh.12
> Author: hjh
> Time: 21 March 2019, 9:17:15.221027 am
> UUID: de170216-199a-4a97-9611-ca13691657f1
> Ancestors: WebClient-Help-kfr.11
> 
> Replace  Smalltalk with SmalltalkImage current.
> 

Why? Especially, since SmalltalkImage class>>current reads:

current
	"Deprecated. Use Smalltalk instead."
	^Smalltalk

Best regards
	-Tobias

> =============== Diff against WebClient-Help-kfr.11 ===============
> 
> Item was changed:
>  ----- Method: WebServerHelp class>>addingActions (in category 'pages') -----
>  addingActions
>  	"This method was automatically generated. Edit it using:"
>  	"WebServerHelp edit: #addingActions"
> + 	^(HelpTopic
> - 	^HelpTopic
>  		title: 'Adding Actions'
>  		contents: 
>  'Let''s add some real stuff that might be useful on a server:
> 
>  	WebServer default addService: ''/smalltalk'' action:[:req| | action |
>  		action := (req fields at: ''get'' ifAbsent:['''']) asSymbol.
> + 		req send200Response: (SmalltalkImage current perform: action) asString
> - 		req send200Response: (Smalltalk perform: action) asString
>  	].
> 
>  We can now request some interesting things like:
> 
>  	(WebClient httpGet:''http://localhost:8080/smalltalk?get=systemInformationString'') content.
>  	(WebClient httpGet:''http://localhost:8080/smalltalk?get=platformName'') content.
>  	
>  Obviously, this poses quite a risk for abuse. One way to limit this risk is to expose specific actions, such as here:
> 
>  	#(systemInformationString platformName) do:[:symbol|
>  		WebServer default addService: ''/info/'', symbol action:[:req|
>  			req send200Response: (Smalltalk perform: symbol) asString]].
> 
>  	(WebClient httpGet:''http://localhost:8080/info/systemInformationString'') content.
>  	(WebClient httpGet:''http://localhost:8080/info/platformName'') content.
> 
>  Alternatively, authentication can be used to limit access to exposed resources. 
>  !!
> + ]style[(72 7 1 11 1 12 1 7 2 3 1 1 1 1 6 1 1 3 6 1 2 1 1 3 1 6 1 3 1 5 1 9 4 1 1 8 4 3 1 16 1 1 23 8 1 6 1 1 8 68 8 61 2 7 14 8 50 2 7 126 23 1 12 2 3 2 6 1 13 7 1 11 1 8 1 1 6 1 7 1 1 3 1 4 3 1 16 1 1 10 8 1 6 1 1 8 1 16 8 52 2 7 14 8 41 2 7 84),c000000126,,c000000126,,c126000126,,c000000126,,c000000126,cgray;,,cgray;,,cgray;,,cgray;,,cgray;,,b,,c000126000,c000000126,,c000000126,,c000000126,,c126000126,,c000000126,c126000126,c000126000,,c000000126,,c000000126,,c000000126,,c000126000,,c000000126,,cgray;,c000126000,,c000000126,,c000000126,c126000126,,c000000126,,c000000126,c126000126,,c000000126,,c000000126,,c000000126,,c000000126,,c000000126,cgray;,,c000000126,,c000000126,,c126000126,c000000126,,c000000126,,c000000126,c000126000,,c000000126,cgray;,,c000000126,,c000000126,,c126000126,,c000000126,,c000000126,c126000126,,c000000126,c000126000,,c000000126,c126000126,,c000000126,,c000000126,c126000126,,c000000126,!!' readStream nextChunkText)
> + 			key: #addingActions!
> - ]style[(61 11 7 1 11 1 12 1 7 2 3 1 1 1 1 6 1 1 3 6 1 2 1 1 3 1 6 1 3 1 5 1 9 4 1 1 8 4 3 1 16 1 1 10 8 1 6 1 1 8 5 51 12 8 61 2 7 14 8 50 2 7 2 121 3 23 1 12 2 3 2 6 1 13 7 1 11 1 8 1 1 6 1 7 1 1 3 1 4 3 1 16 1 1 10 8 1 6 1 1 8 1 3 1 12 8 52 2 7 14 8 41 2 7 2 82),cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,cblack;,c000000127,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,b,cblack;,c000127000,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,c127000127,c000127000,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c000127000,cblack;,c000000127,cblack;,cgray;,c000127000,cblack;,c000000127,cblack;,,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cgray;,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,c000000127,cblack;,c000000127,cblac
> k;,c000000127,c000127000,cblack;,c000000127,cgray;,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,c000127000,cblack;,,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,!!' readStream nextChunkText!
> 
> 




More information about the Squeak-dev mailing list