[drupal-devel] [task] Load as little as possible for autocomplete

chx drupal-devel at drupal.org
Thu Aug 18 17:45:42 UTC 2005


Issue status update for 
http://drupal.org/node/29136
Post a follow up: 
http://drupal.org/project/comments/add/29136

 Project:      Drupal
 Version:      cvs
 Component:    base system
 Category:     tasks
 Priority:     normal
 Assigned to:  chx
 Reported by:  chx
 Updated by:   chx
 Status:       patch (code needs review)
 Attachment:   http://drupal.org/files/issues/autocomplete_13.patch (11.14 KB)

I made a grave error which would've blown a security hole.




chx



Previous comments:
------------------------------------------------------------------------

Thu, 18 Aug 2005 17:23:02 +0000 : chx

Attachment: http://drupal.org/files/issues/autocomplete_12.patch (11.08 KB)

This is a patch which changes significantly the work of autocomplete.
Instead of loading the full Drupal and using the menu system to find
out the correct handler, we only bootstrap to the PAGE_CACHE phase, and
load the necessary module only. Autocomplete functions need to check for
permissions themselves!




------------------------------------------------------------------------

Thu, 18 Aug 2005 17:27:05 +0000 : chx

Attachment: http://drupal.org/files/issues/autocomplete.php (971 bytes)

Here is the autocomplete.php which makes this work.




------------------------------------------------------------------------

Thu, 18 Aug 2005 17:32:49 +0000 : walkah

+1 for the functionality *BUT*


I'd like to see something similar used for files as well (i.e. private
and/or permisisons on files) ... *and* i'd really rather see this
incorporated into index.php ... i.e. a single end point. perhaps some
$_GET (or safer for $_SESSION?) triggers that indicate bootstrap levels
.


note gallery2 (i.e. http://gallery.menalto.com) uses a system sort of
like this ... i.e. there is 2 init processes and for "item downloading"
(i.e. fetching an image) only a partial init is done (enough to verify
permissions).


that is to say - let's see if we can't generalize this to accomodate
file fetching as well as ajax stuff, etc.







More information about the drupal-devel mailing list