Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2013-11-28 17:07:24

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,383

Figuring out what's being viewed in the browser

I’m building a boilerplate for a new project, and I have a chunk of code that — I think — will cover all eventualities of what’s being displayed in the browser. It looks like this:

<txp:if_article_list>
	<txp:if_section name="default">
		<txp:if_status status="404">
			<p>is article list or individual article, is default, is 404</p>
			<txp:else />
				<txp:if_search>
					<p>is search results, is default, not 404</p>
					<txp:else />
						<txp:if_category>
							<p>is category, is default, not 404</p>
							<txp:else />
								<p>is default, not 404</p>
						</txp:if_category>
				</txp:if_search>
		</txp:if_status>
		<txp:else />
			<txp:if_status status="404">
				<p>is article list, not default, is 404</p>
				<txp:else />
					<p>is article list, not default, not 404</p>
			</txp:if_status>
	</txp:if_section>
	<txp:else />
		<p>is individual article, not 404</p>
</txp:if_article_list>

This seems to work with my testing, but I’m curious what fresh (independent) eyes might find. Have I missed anything, even trivial?

Last edited by gaekwad (2013-11-28 17:08:03)

Offline

#2 2013-11-28 17:28:14

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 6,916
Website

Re: Figuring out what's being viewed in the browser

Hi Pete

It seems that the whole code is based on error pages to me. My approach would be to use the error_default template for those “non pages” and the main templates for the content of the site


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | NeMe @ github

Offline

#3 2013-11-28 20:42:35

Gocom
Plugin Author
Registered: 2006-07-14
Posts: 4,524
Website

Re: Figuring out what's being viewed in the browser

Textpattern uses more error codes than 404. Textpattern’s core invokes total of 6 statuses: 200, 401, 403, 404, 500 and 503, and you can respond with any other status using the txp_die tag.

You may not want to mix error templates and your normal templates. Number of tags do not display legitimate results on error pages. For instance section and category tags will return the raw request value that caused the error in the first place, allowing potential XSS vector if those values are ever trusted.

Last edited by Gocom (2013-11-28 20:49:43)

Offline

#4 2013-11-29 09:29:51

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,383

Re: Figuring out what's being viewed in the browser

Thank you, gentlemen.

Mea culpa, I should’ve clarified: I normally use the exact same page content for default and error_default because then the appearance is (largely) uniform across the site, aside from the error messages.

I had missed some of the statuses, so thank you, Jukka. I don’t do anything strange with tags when there are errors thrown, that’s purely so I can tailor the text on screen – certainly nothing that might cause any XSS issues.

Offline

#5 2013-11-29 10:53:03

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,383

Re: Figuring out what's being viewed in the browser

I went back to the drawing board and rewrote my code.

This code should, if my thinking is correct:

  • not doing anything to trigger XSS issues on error pages
  • catch articles, article lists, search results and category (search) results

Same as before, it will be used in the default and error_default pages to ensure the look-and-feel is similar across error and non-error pages. Here’s the code:

<txp:if_status status="200">
	<txp:if_article_list>
		<txp:if_section name="default">
			<txp:if_search>
				<p>is search</p>
				<txp:else />
					<txp:if_category>
						<p>is category</p>
						<txp:else />
							<p>is homepage</p>
					</txp:if_category>
			</txp:if_search>
			<txp:else />
				<p>is article list, not default</p>
		</txp:if_section>
		<txp:else />
			<p>is individual article</p>
			<txp:article />
	</txp:if_article_list>
	<txp:else />
		<txp:if_status status="401">
		<p>401 error text</p>
		</txp:if_status>
		<txp:if_status status="403">
		<p>403 error text</p>
		</txp:if_status>
		<txp:if_status status="404">
		<p>404 error text</p>
		</txp:if_status>
		<txp:if_status status="500">
		<p>500 error text</p>
		</txp:if_status>
		<txp:if_status status="503">
		<p>503 error text</p>
		</txp:if_status>
</txp:if_status>

Assuming articles, article lists, search and category results are taken care of, are there any other things that can be sent to a browser with Textpattern? I’m excluding raw images and files because they don’t have a wrapper, they’re just delivered.

Thank you in advance.

Last edited by gaekwad (2013-11-29 11:12:59)

Offline

#6 2013-11-29 12:56:30

springworks
Member
Registered: 2005-01-06
Posts: 172
Website

Re: Figuring out what's being viewed in the browser

Author lists? (See txp:if_author)

Offline

#7 2013-11-29 12:58:36

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,383

Re: Figuring out what's being viewed in the browser

springworks wrote:

Author lists? (See txp:if_author)

Dude, good spot. Thanks.

Offline

#8 2013-11-29 13:28:52

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,153

Re: Figuring out what's being viewed in the browser

The only remaining one of these in a URL that might make sense checking will be ?month=nnnn I assume.


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

#9 2013-11-29 13:35:04

Gocom
Plugin Author
Registered: 2006-07-14
Posts: 4,524
Website

Re: Figuring out what's being viewed in the browser

Textpattern’s core also seems to use 410 status code. Its used when accessing expired articles and Publish expired articles? is set off in the preferences. One of the best way to handle errors is usually by creating separate page templates (error_nnn), e.g.

  • error_default (the fallback used if specific error template doesn’t exist).
  • error_401
  • error_403
  • error_404
  • error_410
  • error_500
  • error_503

This avoids nesting, and keeps the code base module-ish. I usually recommend creating error_403, error_404 and error_503, and leaving error_default ‘empty-ish, plain’. If article expirations are used, creating error_410 might be a good idea too.

Textpattern has few additional parameters that affect the served content:

  • context
  • m/month
  • pg

There are no real tags for those, tho, but you can read the values with page_url and use if_variable/variable to build the conditions.

You can detect file download (errors) with:

<txp:if_section name="file_download">
   On file download.
</txp:if_section>

file_download is the section on file download request.

Last edited by Gocom (2013-11-29 13:37:12)

Offline

#10 2013-11-29 14:23:27

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,383

Re: Figuring out what's being viewed in the browser

Thank you, sirs – you have been very helpful.

Last edited by gaekwad (2013-11-29 14:28:51)

Offline

Board footer

Powered by FluxBB