Gossamer Forum
Home : Products : Gossamer Links : Discussions :

[Suggestion] Reuse DB connection in template tags

Quote Reply
[Suggestion] Reuse DB connection in template tags
Alex, GT staff,

1) Would be fine to be able to reuse DB connection in template tags.
I mean to be able to use $DB object in template tags. Even more would be useful to be able to use any object, like $DB, $CFG, $IN, $USER, etc.

Yes, I know they can be used in a global, but why to create a global for every small one-liner task?
This template parser improvement would help to avoid some short globals, by using object based function calls right in the template tags.

If $DB object would be possible to use, then we could do such function calling template tags:
Code:
<%$DB->form_display("Title")%>

Of course GT::Template parser would require modification to identify "$var->function()" style as function call.
I was thinking about the security risks, in the case we allow usage of object variables in the template tags, and I think there is not higher risk, than allowing using globals in templates.


2) Another suggestion could be to allow one-liner perl codes within the template tags such way:
Code:
<%{ one-liner perl code }%>
or
<%sub { one-liner perl code }%>
Identification could be not a difficult task in the template parser.
Should be executed as Code if: {.+} and sub\s+{.+}

Let me know, what do you think about these suggestions.

Best regards,
Webmaster33


Paid Support
from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
Quote Reply
Re: [webmaster33] [Suggestion] Reuse DB connection in template tags In reply to
I don't see the need. Take $IN for example, it is just a GT::CGI object so instead of your proposal of:

<%$IN->escape('http://')%>

....you could just do:

<%GT::CGI::escape('http://')%>

No need to rewrite the parser Wink
Quote Reply
Re: [Paul] [Suggestion] Reuse DB connection in template tags In reply to
Paul,
I had 2 suggestions. You answered to the 1st one.

Additionally I think you miss the point...
Code:
<%GT::CGI::escape('http://')%>
The escape is a function of GT::CGI package, and not method of it !

form_display is a method of GT::SQL::Creator. And you can NOT use the way you suggested.
Code:
<%GT::SQL::Creator::form_display("Title")%>
This gives error, of course.

Currently I don't know other way to include the result (output) of a method into a tag, than to use a global.
But why to write a separate global just for a one-liner perl code?

Best regards,
Webmaster33


Paid Support
from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
Quote Reply
Re: [webmaster33] [Suggestion] Reuse DB connection in template tags In reply to
What's the benefit of Jason modifying the parser to work like this?

You have two choices:

a) Write your perl code inside the template (your idea)
b) Create a global

What makes putting the code in the template better?

I'd have to say that you would end up having "code tags" scattered through your templates which makes updates difficult whereas at least globals are all in one place. There will be no speed gain or any other obvious advantage that I can think of unless you can elighten me?

Plus, Jason would have to do quite a bit of work on the parser to implement this (your suggestion of sub\s{.+} is extremely simplified and optimistic. Have you looked at the source code for GT::Template::Parser?)
Quote Reply
Re: [Paul] [Suggestion] Reuse DB connection in template tags In reply to
Quote:
What makes putting the code in the template better?
It will not be better. Just easier to code. At least for me.

I would use:
  • plugins: for complex task
  • globals: for perl codes which are a few dozen of lines long
  • template embedded perl code: for one-liner codes
  • method calls in template: for quick including output of a method

    This is my opinion. You don't have to aggree it.
    And of course, I accept you opinion.

    But now I'm curious for opinion of Alex, too.
    Let we allow him to tell his opinion...

    Best regards,
    Webmaster33


    Paid Support
    from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
    Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
  • Quote Reply
    Re: [webmaster33] [Suggestion] Reuse DB connection in template tags In reply to
    Hi,

    I don't think this is a good idea. The reason to use templates is to keep a separation between your code and your display. If you start putting all your code into your templates, it quickly becomes a mess.

    You can use globals, or even just create a file called 'MyFunctions.pm' in the admin directory with a list of functions you want, you can then call <%MyFunctions::func%> to run a function.

    Cheers,

    Alex
    --
    Gossamer Threads Inc.
    Quote Reply
    Re: [Alex] [Suggestion] Reuse DB connection in template tags In reply to
    Oh, and the subject is a bit misleading. The database connection is always reused, the program only ever opens a single database connection and reuses it throughout.

    Cheers,

    Alex
    --
    Gossamer Threads Inc.
    Quote Reply
    Re: [Alex] [Suggestion] Using object variables & methods in template tags In reply to
    Quote:
    the subject is a bit misleading. The database connection is always reused, the program only ever opens a single database connection and reuses it throughout.
    I meant, that you can not use the $DB objects in template tags, neither method calls. Renamed the subject of this post.

    I think, this is answer for suggestion 2) :
    Quote:
    The reason to use templates is to keep a separation between your code and your display. If you start putting all your code into your templates, it quickly becomes a mess.
    That's why the PHP language became so successful? Because it does not necessarily separates your code and your html? Many template systems allows code execution. Some allows embedded code execution, some not.
    But if you decide, that you not want to support embedded code (altough I suggested only one-liner embedded codes), of course I will accept it.

    I think, this is answer for suggestion 1) :
    Quote:
    You can use globals, or even just create a file called 'MyFunctions.pm' in the admin directory with a list of functions you want, you can then call <%MyFunctions::func%> to run a function
    Yes, you can of course call a global or a packaged function.
    However you can not call a method, because the object variables can not be used in template tags.Frown
    I think, that method calls would be equally useful like packaged function calls, and are exactly for the same purpose.

    Here is the example, what you be really useful, if could be possible to use:
    Quote:
    <%$DB->form_display("Title")%>
    And there would be much more examples...

    I think code calls in template tags, should be not limited to package functions, but calls to methods should be also allowed.

    My opinion is, that method calls in template tags would be useful. Would not add new functionality or make parsing faster, but will make programming easier. Will make unnecessary some globals, and could make possible to use these calls, as we use function calls currently.

    Best regards,
    Webmaster33


    Paid Support
    from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
    Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...

    Last edited by:

    webmaster33: Jan 22, 2003, 2:03 PM
    Quote Reply
    Re: [webmaster33] [Suggestion] Using object variables & methods in template tags In reply to
    Hello webmaster33

    I understand your idea, but i think you would forgot something.

    some of our users are cobranding template sets with affiliates, and sometimes affiliates are responsible for the layout of their own templates.

    most of the affiliates does not have any knowledge about perl, they are building it's html in wysiwyg editors.

    you will make it very difficult for them to redesign the templates.

    what's your opinion about this?
    Quote Reply
    Re: [ridesworld] [Suggestion] Using object variables & methods in template tags In reply to
    Oh, ok. I did not know, that cobranding affiliates can have direct access to the templates!
    That changes the matter.

    If the cobranding affiliates can access $DB object and any other methods directly, this raises some security problems.
    That's very good reason not to have methods called directly!!! That one convinced me Smile

    1)
    But I've just noticed another worry. Still worrying about security if you allow direct access of templates...
    How you avoid your affiliates to use packaged function calls?
    They just call a few functions through the template, and the affiliates can probably cause some problems in your system...

    2) EDIT:
    Quote:
    most of the affiliates does not have any knowledge about perl, they are building it's html in wysiwyg editors.
    you will make it very difficult for them to redesign the templates.
    I don't think so. This is a possibility. If you have cobranding affiliates, then don't use method calls (like: <%$DB->form_display("Title")%>). But don't use packaged functions either (like: <%GT::CGI::escape('http://')%>). See? Both can make difficult to redesign the templates. But that's not a reason not to have implemented!

    What do you think about these 2 points?

    Best regards,
    Webmaster33


    Paid Support
    from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
    Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...

    Last edited by:

    webmaster33: Jan 22, 2003, 2:37 PM
    Quote Reply
    Re: [webmaster33] [Suggestion] Using object variables & methods in template tags In reply to
    Hello webmaster33

    I'am creating a webbased system in which an aafiliate create and edit templates in his remplate folder.

    At this moment, affiliates would send me the customized templates to me for upload.

    most of them have problems about the current tags, so it would be too difficult for them to work with tags suggested by you.
    Quote Reply
    Re: [ridesworld] [Suggestion] Using object variables & methods in template tags In reply to
    I personally find the syntax too cluttered looking also. You have percent signs, dollar signs, brackets, quotes ...etc. It would be very difficult to look at and work with.

    I have never had any need to use a module method directly in a template and I don't think many others have either. I either make a global or use a plugin.
    Quote Reply
    Re: [ridesworld] [Suggestion] Using object variables & methods in template tags In reply to
    Quote:
    At this moment, affiliates would send me the customized templates to me for upload.
    Oh, so there is no security risk at the moment. Only you are allowed to upload templates.

    Quote:
    I'am creating a webbased system in which an aafiliate create and edit templates in his remplate folder.
    Once you allow them to upload, create, edit their templates, my security worries become true. Frown
    They will be able to call functions from templates, and if there is a small bug in a function (any function, even those which was installed by a plugin), then your users could even hack your system...

    The only solution to avoid this, would be to:
    - implement an option into template parser, to be able to disable the function call execution for selected templates,
    - allow only global calls (what you wrote, not the users),
    - users should not get direct access to globals.txt in each template

    If these conditions would be true, then you would not have to worry about security (at least through the templates).

    Quote:
    most of them have problems about the current tags, so it would be too difficult for them to work with tags suggested by you.
    1) <%MODULE::function('argument')%> - function calls ARE now allowed in templates
    2) <%$DB->method('argument')%> - this is the method call I suggested

    Do you think 2) is difficulter than 1)?

    My opinion is, that both need programming skills.
    So if Alex would ever decide to implement my suggestion, would not make life of your users worser in any way, just extend a bit their template possibilities. Users don't have to use method calls. Same as users don't have to use function calls, either.
    See now?

    I think it does not affect you, if method calls are implemented, or not.

    Also the security worries will apply, when you allow your cobrands to edit templates themself. No matter if my method calls suggestion will be implemented, or not.

    Ridesworld, please note, that I don't want to attack you in any way, just telling my security worries, and showing that this improvement, would not affect you. IMHO.

    Best regards,
    Webmaster33


    Paid Support
    from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
    Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...

    Last edited by:

    webmaster33: Jan 23, 2003, 7:12 AM
    Quote Reply
    Re: [webmaster33] [Suggestion] Using object variables & methods in template tags In reply to
    Hello webmaster33

    thank you for your warning.

    my affiliates will not be able to create own globals due to security risks.
    globals.txt will be disabled.
    they can only create & edit .html files.

    i don't think the parser can understand something as globals.html that will do the same functions as globals.txt

    the best thing is create a parser for the affiliates that will parse the templates from a directory ouitside the links.sql distribution, but from a given path set in your configs.
    Quote Reply
    Re: [ridesworld] [Suggestion] Using object variables & methods in template tags In reply to
    Quote:
    thank you for your warning.
    You're welcome. It's the minimum that I warn you, if I think there is security problem.

    Quote:
    my affiliates will not be able to create own globals due to security risks.
    Good.

    Quote:
    globals.txt will be disabled.
    Good.

    Quote:
    they can only create & edit .html files.
    I mentioned they can still access module functions in .html file, as template tags: <%MODULE::function('argument')%>

    Quote:
    i don't think the parser can understand something as globals.html that will do the same functions as globals.txt
    Of course not. GT::Template reads only the globals.txt in the used template directory. globals.html will act as normal template.

    Quote:
    create a parser for the affiliates that will parse the templates from a directory ouitside the links.sql distribution, but from a given path set in your configs.
    Unfortunately NO! This would not help you. Frown
    The solution would be: if GT would implement an option into the parser, so execution of module functions & methods could be disabled by the admin, for the selected templates.
    BUT NOTE, if you disable execution of module function & method calls, then:
    - there will be some (or more?) plugins, which will be not able to work, since they rely on function calls in template files. So your affiliates could only use a basic Links SQL system, plus using those plugins, which don't use function calls in templates.

    Just my opinion.

    I would aggree, and support the idea, to have an option implemented into the template parser, to be able to disable module functions and/or method execution for selected templates (maybe for selected files, too? that would be too complex I think).
    The <%MODULE::function('argument')%> tag would be just removed in template output, in case that function execution is disabled.
    +1 vote for the idea

    Best regards,
    Webmaster33


    Paid Support
    from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
    Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
    Quote Reply
    Re: [Alex] [Suggestion] Reuse DB connection in template tags In reply to
    >> I don't think this is a good idea. The reason to use templates is to keep a separation
    >> between your code and your display. If you start putting all your code into your
    >> templates, it quickly becomes a mess.

    <G> yeah, it's called PHP <G>


    PUGDOG� Enterprises, Inc.

    The best way to contact me is to NOT use Email.
    Please leave a PM here.
    Quote Reply
    Re: [pugdog] [Suggestion] Reuse DB connection in template tags In reply to
    Yeah, but also in PHP:
    - you can embed your code into the page itself,
    OR
    - put functions into separate files...

    And PHP became very popular Cool Tongue

    So in PHP there is also possibility for embedding code or separating into files...
    It's possible to still keep the PHP templates clean this way...

    Best regards,
    Webmaster33


    Paid Support
    from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
    Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...