Opened 12 years ago

Closed 12 years ago

#6463 closed defect (fixed)

RPC Services updates

Reported by: kriszyp
Owned by: Dustin Machi
Priority: high
Milestone: 1.2
Component: Dojox
Version: 1.1.0
Keywords:
Cc: alex
Blocked By:
Blocking:

Description

  1. Style issues
  2. Parsing (JSON or plain) is based on the return content-type
  3. Fixes a problem with omitted parameters being converted to undefined in the call.
  4. Added extra automatic headers
    1. X-Client-Id - Can be used by servers to track a client-session (vs a cookie-session which can span tabs/windows)
    2. X-Seq-Id - Can be used by servers to enforce deterministic ordering of RPCs (HTTP is not deterministic in ordering).
    3. X-Transaction - Client can provide transaction start and commit information in case the server supports this (will be utilized by the JsonRestStore?).

These are certainly up for discussion...

Attachments (1)

rpc.diff (73.2 KB) - added by kriszyp 12 years ago.
RPC Updates


Change History (5)

comment:1 Changed 12 years ago by alex

Cc: alex added

hey Kris:

the patch is looking good, but I noted a couple of things:

  • please ensure that your documentation comments are indented to the same level of the code which they are documenting (in general, they all need one more tab)
  • on line 6 of the new patch, the documentation in the summary should be indented one more level
  • the patch adds a method called "dojox.rpc.resolveJson", but is not defining the "dojox.rpc" module itself. In general, modules should not modify objects which they are not provide()-ing. Please move these methods and properties to be children of the declared JsonReferencing object or find some other home for them which does not violate convention
  • please ensure that you are always using 4-spaced *real* tabs for indentation
  • the file "tests/resources/jsonRpc10.php" appears to be responding with the unfiltered contents of "$params[0];" on line 34. Is this an OOTB XSS?
  • there's too much whitespace being used around conditionals. See the style guide:

http://dojotoolkit.org/developer/StyleGuide

comment:2 Changed 12 years ago by Adam Peller

Milestone: 1.1.1 → 1.2

Sounds like this belongs in 1.2. If it belongs in 1.1.1 please move back and provide justification. Thanks.

comment:3 Changed 12 years ago by kriszyp

I believe I have these items fixed now. I didn't write jsonRpc10.php, but I don't think it is actually an XSS vulnerability because it sets the content type to application/json, but there were some php files that didn't set the content type and were vulnerabilities that I fixed.
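The distinction raised in comments 1 and 3, an endpoint that echoes a request parameter with and without a JSON content type, shown as an added example that is not part of the ticket, the patch, or tests/resources/jsonRpc10.php. The function names and the sample request are constructed for illustration; the second handler also adds `nosniff` and hex-escaping of markup characters as defence in depth.

```php
<?php
// Added example, not the contents of tests/resources/jsonRpc10.php.
// Function names and the sample request below are constructed.

// "Before": echoes params[0] raw and sets no Content-Type, so PHP's
// default (text/html) applies and reflected markup is parsed as HTML.
function echo_unfiltered(array $request): array
{
    $headers = []; // nothing set: the default MIME type is text/html
    $body = '{"id":' . (int) $request['id']
          . ',"result":"' . $request['params'][0] . '","error":null}';
    return [$headers, $body];
}

// "After": declares JSON, forbids content sniffing, and lets json_encode()
// build the body so quotes are escaped and <, >, &, ' never appear raw.
function echo_as_json(array $request): array
{
    $headers = [
        'Content-Type: application/json; charset=utf-8',
        'X-Content-Type-Options: nosniff',
    ];
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $body = json_encode([
        'id'     => $request['id'] ?? null,
        'result' => $request['params'][0] ?? null,
        'error'  => null,
    ], $flags);
    return [$headers, $body];
}

// Constructed sample request carrying harmless markup in params[0].
$raw = '{"id":1,"method":"echo","params":["<b>hi</b>"]}';
$request = json_decode($raw, true);

// Print what each handler would send. A real endpoint would pass each
// header line to header() before echoing the body.
foreach (['echo_unfiltered', 'echo_as_json'] as $handler) {
    [$headers, $body] = $handler($request);
    echo $handler, "\n";
    echo '  headers: ', $headers ? implode(' | ', $headers) : '(none: text/html)', "\n";
    echo '  body:    ', $body, "\n";
}
```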

Changed 12 years ago by kriszyp

Attachment: rpc.diff added

RPC Updates

comment:4 Changed 12 years ago by Bryan Forbes

Resolution: fixed
Status: new → closed

(In [13844]) fixes #5987, fixes #6463 !strict

  • Applying Kris Zyp's (cla on file) patches for RPC and RESTful Stores.