What's up with downloading a customized build of Infusion? [UNSCANNED]

Jacob Farber jacob.farber at utoronto.ca
Tue May 5 16:35:16 UTC 2009


Yes, thanks very much!
We'll be doing all the talking to exec(), so no user input goes directly in. Thanks for pointing this out!

From: Eli Cochran [mailto:eli at media.berkeley.edu]
Sent: Tuesday, May 05, 2009 11:48 AM
To: Jacob Farber
Cc: Eli Cochran; fluid-work List
Subject: Re: What's up with downloading a customized build of Infusion?

I'm trying to remember my PHP -- it's been a couple of years:

http://www.php.net/manual/en/function.exec.php

I'm pretty sure that's what I used before. There are security issues. You need to ensure that someone can't pass in arbitrary code.

- Eli


On May 5, 2009, at 7:18 AM, Jacob Farber wrote:


Hi Everyone,
Laurel and I are working on the custom Infusion build experience, and we've started to make some headway.
Now that Michelle has built the infrastructure for customized builds, we've started to this about how the experience should play out, and how the backend/frontend should communicate to generate a build. Some examples of this kind of functionality can be found at jQuery UI's download page<http://jqueryui.com/download> and Mootools' download page<http://mootools.net/core>.  One tricky part we're finding is how to process the commands we need to generate a build with Ant.

The current workflow is looking like this:
1.       PHP parses the build.properties and the JSON dependencies files to fetch and generate a list of modules and their dependencies
2.       Form will POST to the server (running php) a list of selected modules
3.       Form processor will then deduce the exclusion list from the inclusion list
4.       If some dependencies are found to be in the exclusion list, we POST back a warning on the form about each missing dependency,  asking the user to confirm their desire not to include them
5.       Upon confirmation, we (remember these settings ? and) communication will be POSTed back to the server where (Ant? Phing? Something else?) will process the data and return a (file? Path to a file?)

(Please note we're hoping to create an Infusion component to cover some of this workflow, so the experience becomes even smoother).

As you can see, there are gaps to fill here. Any ideas and feedback to this process will be very much appreciated! Particularly, how PHP could fire a shell script or execute a command line instruction.

Jacob
_______________________________________________________
fluid-work mailing list - fluid-work at fluidproject.org<mailto:fluid-work at fluidproject.org>
To unsubscribe, change settings or access archives,
see http://fluidproject.org/mailman/listinfo/fluid-work

. . . . . . . . . . .  .  .   .    .      .         .              .                     .

Eli Cochran
user interaction developer
ETS, UC Berkeley



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://fluidproject.org/pipermail/fluid-work/attachments/20090505/eda7adcd/attachment.html>


More information about the fluid-work mailing list