August 2nd, 2002

get_remote() bonus

A side-effect of the login system changes earlier, LJ::get_remote() returns the full user record now... not just userid and user.

So, no more need for LJ::load_remote()... but I'm leaving it in for awhile, in case the other LJ sites out there have custom hooks/BML files/etc using it. But we can start removing it in the general code.
  • dottey


Added a check for LJ::did_post() as per mart's suggestion.

Modified the code so it reads the available scheme names from $LJ::HOME/cgi-bin/bml/scheme instead of from a table in the directory. If the directory-using code is still wanted, it is now here:

Modified the code and translation file to use a more appropriate error message if the scheme directory could not be read (for whatever reason)

Is there a specific method for creating a patch for a file that doesn't exist in CVS? I can't figure it out, so I'm just submitting the full file here.

The following patch/file is something I just created. It takes advantage of the BMLschemepref cookie that was already available in the LJ code. I'm told that the functionality to set this cookie was removed from the LJ code because of "security" concerns:
From mart (link)
GET requests should not cause changes, so it's wrong that a get should set a cookie, for example.

The reason for this is that it's very easy to make another user's browser do a GET request on any arbitrary URL (reference it as an image, for example) and so only POST requests should do actions.
This new setscheme.bml creates a POST form where the user may select a preferred scheme from the available schemes listed in the database. I have not created any functionality that sets this as a userprop, so it works whether the user is logged in or logged out. From my previous post, no one made any suggestion whether this should or should not be made into a userprop, so I did not make it one. That functionality can be added later if desired.

The file can be tested here:

The file can be found as a .txt (for viewing the code) here:

A diff for (creates the new bml_schemes table listing and populates it) can be found here (not needed if using the updated, non-db-using code):

An english translation file (required) can be found here:

Please test this out and let me know if there are any evident bugs/problems with it. If anything, I bet I did that database patch wrong. I haven't done that before.

I'd love to see this feature implemented - for ease of use!
  • scsi

Global.look patches for new auth scheme

Hey everyone,

For some unknown reason after I applied the security patches, the cookie lookup in the global.look file (the one responsible for saying "hi " on the nav bar on the left) seems not to be working.
Actually, its because the ljuser cookie got switched over to ljsession. This patch (hopefully) fixes it. Its my very first patch ever, so be kind...

Works on the DJ test boxen..
  • dottey

Code Consolidation - lostinfo.bml

In response to doc/todo.txt - here is a patch and en translation file to consolidate lostinfo.bml (and thereby remove lostinfo_do.bml). If this patch is implemented, lostinfo_do.bml would no longer be needed.

And since the patch isn't cleanly readable (big changes), here is the bml page in TXT for easy viewing.

It can be tested at this URL, except that my mail system is broke. You can however see that the POST works correctly.

I'm going to try to work on some more of those _do.bml pages in my upcoming free time - if this is still desired.