Skip to main content.
home | support | download

Back to List Archive

Re: SwishCtl

From: Greg Ford <greg(at)not-real.reddfish.co.nz>
Date: Tue Dec 30 2003 - 00:32:34 GMT
Hi Tom

> the development of SwishCtl seems to have stopped about 5
> months ago judging by the cvs
> on sourceforge... does anyone know what's going on with this?

SwishCtl was developed for a paying client.  Since the project was
completed, I have had to concentrate on other work.
Although I have made some changes more recently.

I make occasional changes to SwishCtl, but as I don't have CVS access,
I can't be certain the CVS matches my sources.

> a couple of questions:
> 1. it's a dll - what the hell's it doing throwing up message boxes?

SwishCtl was intended for use a "client-side" tool rather than for ASPs,
and it IS common for Windows software to put the UI into DLLs.

Actually, we have agreed to remove the dialog boxes, but there is a
deeper problem which is that SwishCtl erroneously returns an ActiveX
error value when it encounters an error Internet Explorer does not
handle this well (and can crash).   Fixing this properly requires a change
to the API to add a "retval" parameter to several functions.

> 2. who's idea was the screwy api? can it really be necessary to set
> HKLM\Software\SWISH-E Team\SwishCtl\Options\IndexLocation before executing
a
> search? (one has to assume several
> programs could be installed all storing their index files in a different
> place)

The control is marked "safe for scripting". Which means it should not be
possible for a web-site to use the control to access data on your
hard disk - for this reason the index location is stored in the registry
 - not as a parameter for the control which would be easier.

> don't mean to sound bolshy, but this is a realy great idea &
> i'd love to see it perfected.

I work on SwishCtl when I need specific changes, or when I have time.
There are certainly aspects I would like to see perfected, and given time,
I will get them done sometime.
If you would like to submit patches I am sure David and
I will consider them for inclusion in the SwishCtl sources.

Greg Ford
p.s. copy of earlier discussion follows.

> tom

---- Message dated 1 September 2003 ---
Hi all (actually only Swish-e developers should read any further)

> On Sat, 2003-08-30 at 22:10, Greg Ford wrote:
> > I think maybe SwishCtl should never return an error value to the ActiveX
> > subsystem but rather just use the swish-e error function (getlasterror()
?).
>...

I think maybe I've just been too lazy. I've taken another look at the code
and
see:
A)  Only two of the ActiveX functions contain MessageBoxes - they can be
removed
easily.

B) Quite a few of the functions return E_FAIL to the ActiveX subsystem
(as I mentioned before this crashes Internet Explorer). Changing all of
these to S_OK would fix this problem - but then SwishCtl would fail to
report some errors at all.

C) The code is relies on an Interface Description (IDL) compiler to publish
the
ActiveX interface - this allows me to specify a return value (by specifying
[out, retval] )
for the functions - but I haven't always done this - particularly for Init()
which should probably pass out the swish-e error code (as retval).

D) In most cases when I'm returning E_FAIL - I should be passing out a
retval of
INVALID_SWISH_HANDLE, in most of the remaining cases - I should pass out
the swish-e error code.
So
  - the enumeration which lists the error codes (in error.h) probably  needs
    to be copied into swish-e.h(?) because (as I understand it) swish-e
    library-users should only #include swish-e.h

> David wrote:
> Could/should the UUID of the new control be changed if the index format
> changes?  Or would the DLL filenames conflict?

The GUID would need to change I think. The ActiveX/OLE system enables
you to define
SwishCtl.CSwishCtl.1
SwishCtl.CSwishCtl.2
etc.
I think I eventually settled on installing the DLLs into the system
directory
(to avoid having ActiveX controls registered on the CD drive!) That means
the
DLL names would need to change for each version SwishCtlX.dll.
Also you've got to watch out - because of
DLL hell - if an older version of a DLL is already loaded (in RAM) and you
run a program
which needs a new version  - Windows reuses the old one and your new
program will crash - I'm not sure if this applies to ActiveX because ActiveX
controls
are loaded by GUID.

> There's a magic number to tell SWISH-E the index is the wrong version.

How do I retrieve that number from the library?

> > I don't think there's much of a problem for ASPs - what the current
> > registry settings do is that they mean you have to have write access to
> > the registry to be able to add a new index/database.
>
> The current method does well to prevent it.  But, modifying the HKLM
> registry to add new indices would be inconvenient on a shared host.  Of
> course, changing the control to allow files to be specified by the
> script could be dangerous.  Splitting the privileges seems like the best
> compromise.   Let the user specify filenames (with well defined
> restrictions) and let admins specify directories.  One person could read
> another's index, but, I think that should be an assumed risk on a shared
> web host.

The patch I sent to David used a pair of registry keys for each database.
One has a user defined [name] specifying the directory containing the
index files the other called [name]_Index gives the (list of ) index file
names
which is passed to the swish-e library.

This was a quick fix avoiding two smallish bits of work

1) adding a second parameter to the Init function to specify the index files
and
directory separately (remembering to update the IDL).

2) writing a function to check the filename for potential hacks ( leading
backslashes,
drive specifications or ..\..\.. stuff - probably we should just reject any
string
containing slashes, colons or  backslashes ?

I guess I'll have to add some extra parameters to handle error handling so
(A)
could happen as part of that work.

Greg Ford
Received on Tue Dec 30 00:33:12 2003