||[Aug. 2nd, 2002|12:27 pm]
Added a check for LJ::did_post() as per mart's suggestion.
Modified the code so it reads the available scheme names from $LJ::HOME/cgi-bin/bml/scheme instead of from a table in the directory. If the directory-using code is still wanted, it is now here:
Modified the code and translation file to use a more appropriate error message if the scheme directory could not be read (for whatever reason)
Is there a specific method for creating a patch for a file that doesn't exist in CVS? I can't figure it out, so I'm just submitting the full file here.
The following patch/file is something I just created. It takes advantage of the BMLschemepref cookie that was already available in the LJ code. I'm told that the functionality to set this cookie was removed from the LJ code because of "security" concerns:
From mart (link)This new setscheme.bml creates a POST form where the user may select a preferred scheme from the available schemes listed in the database. I have not created any functionality that sets this as a userprop, so it works whether the user is logged in or logged out. From my previous post, no one made any suggestion whether this should or should not be made into a userprop, so I did not make it one. That functionality can be added later if desired.
GET requests should not cause changes, so it's wrong that a get should set a cookie, for example.
The reason for this is that it's very easy to make another user's browser do a GET request on any arbitrary URL (reference it as an image, for example) and so only POST requests should do actions.
The file can be tested here:
The file can be found as a .txt (for viewing the code) here:
A diff for update-db-general.pl (creates the new bml_schemes table listing and populates it) can be found here (not needed if using the updated, non-db-using code):
An english translation file (required) can be found here:
Please test this out and let me know if there are any evident bugs/problems with it. If anything, I bet I did that database patch wrong. I haven't done that before.
I'd love to see this feature implemented - for ease of use!