EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #03492


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

[EP-tech] {Disarmed} RE: {Disarmed} RE: {Disarmed} RE: SetLang - Use of the parameter referrer with the function view and the suffix .include


Hi all,

 

Sorry, but the short path is working only when the original request with set_lang is stored in the cache of the browser. So, you will have a guarantee that it will work always when you store and use the full original request, like John suggest:

 

MailScanner has detected a possible fraud attempt from "repo" claiming to be http://repo/cgi/set_lang?lang=fr&referrer=http://lib-eprintsdev.leeds.ac.uk:8888/view/creators/=C7alder=3AA=2E=3A=3A.include?lang=fr

 

or

 

MailScanner has detected a possible fraud attempt from "repo" claiming to be http://repo/cgi/set_lang?lang=en&referrer=http://lib-eprintsdev.leeds.ac.uk:8888/view/creators/=C7alder=3AA=2E=3A=3A.include?lang=en

 

Jean-Pierre

 

De : eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] De la part de Jean-Pierre.Roy@etsmtl.ca
Envoyé : 18 septembre 2014 14:34
À : eprints-tech@ecs.soton.ac.uk
Objet : [EP-tech] {Disarmed} RE: {Disarmed} RE: SetLang - Use of the parameter referrer with the function view and the suffix .include

 

Thanks John,

 

Working fine. Furthermore, it’s also working when lang is defined only at the end of the original request, like:

 

http://lib-eprintsdev.leeds.ac.uk:8888/view/creators/=C7alder=3AA=2E=3A=3A.include?lang=fr

 

Thanks again,

 

Jean-Pierre

 

De : eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] De la part de John Salter
Envoyé : 18 septembre 2014 09:53
À : 'eprints-tech@ecs.soton.ac.uk'
Objet : [EP-tech] {Disarmed} RE: SetLang - Use of the parameter referrer with the function view and the suffix .include

 

Hi,

I don’t have any real experience of multi-language repositories, but I’ve just tested this on 3.3.12:

I added a line to perl_lib/EPrints/Apache/Rewrite.pm, where it is dealing with views.

my $filename = EPrints::Update::Views::update_view_file( $repository, $lang, $localpath, $uri );

print STDERR "LANG: $filename\n"; #added this line

 

When I visit (initially in ‘en’) MailScanner has detected a possible fraud attempt from "repo" claiming to be http://repo/view/creators/=C7alder=3AA=2E=3A=3A.include

it prints (in the Apache error log):

LANG: /eprints-3.3.12/archives/test/html/en/view/creators/=C7alder=3AA=2E=3A=3A.include

 

If I change the language (to ‘fr’) in another browser window, and refresh the page, I get:

LANG: /eprints-3.3.12/archives/test/html/fr/view/creators/=C7alder=3AA=2E=3A=3A.include

 

- so it seems to work OK for direct requests.

 

If I try the ‘set_lang’ URL you sent, I think I see that same thing that you do – but importantly, in the error log, there is nothing printed.

This makes me think that it’s a browser caching issue. It looks like the .include content is displayed from the browser cache – and is in the wrong language.

 

If I try with a URL like (adding a query string to the referrer page):

MailScanner has detected a possible fraud attempt from "repo" claiming to be http://repo/cgi/set_lang?lang=fr&referrer=http://lib-eprintsdev.leeds.ac.uk:8888/view/creators/=C7alder=3AA=2E=3A=3A.include?lang=fr

or

MailScanner has detected a possible fraud attempt from "repo" claiming to be http://repo/cgi/set_lang?lang=en&referrer=http://lib-eprintsdev.leeds.ac.uk:8888/view/creators/=C7alder=3AA=2E=3A=3A.include?lang=en

 

The results seem to be OK – as the query string on the referrer page has changed too.

Something could be added to perl_lib/EPrints/Plugin/Screen/SetLang.pm to try and force a reload – but I’m not sure the best way of doing this - one suggestion is to add the parameter before the redirection at the end of ‘sub from’:

                #if referrer has a query string, append langid as additional param, else add it as query

                $referrer .= ( m/\?/ ? '&' : '?' ) . "lang=$langid";

$self->{processor}->{redirect} = $referrer; #existing line

 

 

Have I understood your problem OK?

Does this look like it fixes it (I’m not sure if there will be any unwanted side effects of this alteration).

 

Cheers,

John

 

 

 

 

 

From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Jean-Pierre.Roy@etsmtl.ca
Sent: 17 September 2014 16:23
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] SetLang - Use of the parameter referrer with the function view and the suffix .include

 

Hello All,

 

It sounds like that the cgi script "set_lang", with the parameter "referrer" and the function "view" ending with the suffix ".include", is generating, within the same web session, an output which is similar to the one you get when you send, again and again, the same input to a printer or a pdf creator : you get always the same result at the end.

 

Indeed, during the same web session, regardless of the time elapsed, the "set_lang" request, incorporating a “view” with the suffix “.include”, is always coming back with the same result, even if you try to change $langid with "set_lang?lang=xx" or to clear cookie when you send your request (like "MailScanner has detected a possible fraud attempt from "depository" claiming to be http://depository/cgi/set_lang?referrer=http://depository/view/people/{Family},_{Given Name}.include" which normally returns a result based on the default language of the browser)

 

Would you please confirm whether this understanding is right or not?

 

Thanks,

 

Jean-Pierre Roy,

École de technologie supérieure,

Montréal, Canada