WeSQL Changelog

This is a complete rewrite of WeSQL, with the following enhancements:

• WeSQL is now a standard Apache Perl module, that can be installed with the usual 'perl Makefile.PL && make && make test && su && make install'.
• Extensive logging in web server logs.
• All code has been moved to Perl modules, which results in greater performance and portability.
• The three level structure (WeSQL.pm, yourmodule.pm, action.cgi) has been reduced to 2 perl modules in the Apache namespace: WeSQL.pm and AppHandler.pm, and a number of other modules for the rest of the functionality. Virtually all intelligence is now contained in WeSQL.pm and its helper modules. AppHandler is the only module that needs to be duplicated to run multiple WeSQL sites on one server. See the Apache::WeSQL man page for more information.
• These modules can now also easily be used from ordinary perl programs, bringing the power of all the (journalled) database subs to your scripts!
• A set of subs, available from EVAL blocks, is now available to read/write/delete values from the current session. See the Apache::WeSQL::Journalled man page for more information.
• Much more complete documentation.
• All documentation (except for this changelog) is available as man pages.
• An RPM is available for Redhat users.
• The code is much cleaner!

• Extended edit.wsql and details.wsql to support parameter and table field replacing in the append block, just like list.wsql
• sqlcondition field in the forms file, for use in the modify_journalled sub in yourapplication.pm
• The header and footer files are now also fully treated as wsql files
• A layout file is now supported that allows further layout definition for the output of list.wsql, edit.wsql, and details.wsql. This allows much more freedom than supported before through the header and footer files.
• New way of dealing with superusers and ordinary users, and giving them the right permissions. Superusers now 'cloak' as someone to change their settings and add records on their behalf.

• (cosmetic) updates of the documentation
• Fixed issue with fields containing single quotes in sub jUpdate in yourapplication.pm
• Fixed bug in jDelete sub, where the cookies{id} value would be empty, effectively rendering this function useless...
• Changed the EVAL block in list.wsql from PRE to POSTINSERT because we include it from details.wsql in the addressbook, and inserting PRE code after the PRE block has been executed results in all sorts of nasty behaviour...
• Fixed the Edit-link in details.wsql, that was broken if the name of the view was different from the table name
• Fixed some serious bugs in edit.wsql that would give people access to records not owned by them... (missing $uidcond all over the place)
• Finally discovered the PostgreSQL equivalent of 'SHOW COLUMNS FROM', and fixed sub build_columnarray in yourapplication.pm once and for all (psql -E is very, very useful!)
• details.wsql now passes all extra paramaters passed to it when deleting a record
• Made replace and relation work together properly in list.wsql
• Now ignore form fields defined in the 'forms' file that refer to unexisting table columns, in edit.wsql
• jUpdate sub now works with PostgreSQL
• Added correct word boundary check in list.wsql for the replace paramater
• File not found errors are now also logged in the apache error log

• Added the suid field in the journalling code, which allows 'superusers'
• Extended the documentation (slightly)

• Added further security checking on the COOKIES and PARAMETERS hashes
• Updated the modify_journalling sub in yourapplication.pm: the pkey variable was entered in an sqlUpdate statement where it shouldn't be...
• The jUpdate sub always dropped the last table element
• Made sql-queries in LIST statements case-insensitive. Can't believe that one survived so long!!
• Fixed the return type of build_columnarray in yourapplication.pm when using PostgreSQL

• The values from checkboxes with multiple values will now all be available in the $queryparams hash, as one pipe-separated value. Ideal for direct use in a RegExp...
• There is a brand new sample-application, a completely working addressbook, built with one html page and some describing files, using the new edit.wsql, list.wsql and details.wsql files described below
• edit.wsql, list.wsql and details.wsql are three WeSQL files that are smart enough to deal with most common database operations: add/modify, and listing/viewing of selections of records. These three files closely cooperate with some subs in the <application>.pm file, and expect a 'journalled' database. They don't ever actually remove records from the database, they just disable them by setting the status to zero. See the documentation for more information.

• The CUTFILE tag will now only be matched when found just after a \n (newline), and followed immediately by one. This facilitates generating the tag from blocks of Perl.
• Fixed a tricky bug in PARAMCHECK. Parameters with value '0' were changed to '' for the PARAMCHECK.
• Important security fix, disallow passing of WeSQL commands through parameters! UPGRADE to v0.28 or above NOW!! (Thanks to Kristof Verniers for discovering this one!)
• Logging in Apache logs of fatal errors in EVAL blocks
• newapp.pl: fixed some errors in the generation of the recommended http configuration file

• Added the INCLUDE tag, which allows inclusion of one WeSQL file in another one. Of course, you want to pass a different set of parameters to this included WeSQL file. Well, you can - just use a prefix :-)

• Errors from the EVAL statements will now be properly logged in the Apache logs.
• Reviewed sqlInsert2 sub, temporarily fixed a serious problem with comma's that could cause MySQL to choke. This solution is temporary, the sqlInsert2 sub needs serious reviewing.
• Fixed possible 'fetch() without execute()' bugs in the logs, result of doing non-select queries in LIST statements, or rather, of trying to retrieve results from these queries.
Using a LIST for anything else than a select might seem silly at first, but doing an update query that way can surely be handy :-)
• Fixed a few problems with the sqlDisconnect sub in yourapplication.pm
• Fixed nasty bug in PARAMCHECK tag (regexp matching was not doing the right thing)
• The build_columnlist sub, used by the generic add, delete and modify subs, did not work properly on empty tables. Rewrote it to work with empty tables under both MySQL and PostgreSQL.
• Clarified the situation with the alternative values for parameters and other substituted fields. The syntax is now as follows: PR_TEST|[ALTERNATIVE VALUE]. 'ALTERNATIVE VALUE' can now contain any characters (including whitespace), if you want to use a right bracket (]), escape it with a backslash.

• The PARAMCHECK tag has been added. PARAMCHECK allows checking parameters against certain conditions.
• The CUTFILE tag has been added. When the CUTFILE tag is encountered, the rest of the html file will not be shown.

• Some small fixes in newapp.pl
• Fixed substitution. There was a stupid bug - if something like "PR_XXX" was not matched, the html would be mangled up.
• Fixed issues with escaping single and double quotes in the %queryparams hash. WeSQL now escape both single and double quotes, and not only on the first line of the parameter in the %queryparam hash, like it was before. The things some real-life testing can bring up...

• Support for PostgreSQL has been added, and newapp.pl has been updated to reflect the changes. It will now ask you whether you have a PostgreSQL or MySQL database.
• AutoCommit is by default off for PostgreSQL, which means that you can decide to commit or rollback yourself if you use the $dbh database handler directly (which, of course, has been possible from the very first version of WeSQL). MySQL does not support transactions, so when you use MySQL this is irrelevant.
• The parsing of files is now modularised. You can decide which actions should be done on a file, and in what order. In addition, you can insert a function of your own at any point in the chain - the only requirement is that you return the processed text, and that you define your function in your package.pm file, so that it can be referenced to from the WeSQL.pm module. See the documentation for more information. As a side effect, the 'MAGIC' string introduced in an earlier version has been dropped.
• Improved error handling: no more 'internal server error' messages when the underlying dababase server is not available.

• NULL values in the database will now return the string 'NULL' after substitution in the LIST statement. Any 'A_XXX'-like statement in a LIST block, where XXX is not a defined column name, will remain unchanged. Older versions of WeSQL would eat the 'A_' bit, and leave only the 'XXX' bit.
• Now newapp.pl will ask if you want to recreate the database that you want to access with your new application. In previous versions it just dropped and recreated that database. (Ouch!)
• The suggested addition to the httpd.conf file does not contain a DocumentRoot anymore. It was not necessary, and dropping it means that when something goes wrong, there will be _no_ access to your source html files.
• sampleapp's searchsomething.html had links to the wrong page (modify instead of modifyform) :-(
• Fixed several stupid bugs in newapp.pl that would mess things up unless you chose root/test as the credentials for your database access. :-((((

• A new tool, 'newapp.pl', has been added, to fully automate starting a new application with WeSQL. This greatly facilitates the WeSQL installation procedure.
• Support for cookies has been added. Cookies are now accessible in action.cgi and the *EVAL blocks through the hash %cookies, and in the html files through COOKIE_(uppercase cookie name).
  They can be set via HTML, with a statement like this in the header:
  <META http-equiv=\"Set-Cookie\" content=\"the=cure;expires=Friday, 31-Dec-01 23:59:59 GMT; path=/\">.
• Added the sub genericQuery to WeSQL.pm, with which any statement that can be understood by the underlying database can be executed. Results are returned via an object. genericQuery can be used like sqlSelectMany.
• The generic add, modify and del subs that used to reside in action.cgi have been moved to sampleapp.pm. In addition, they have become more generic - they will now ignore any form field with a name that is not a column name in the table. Keep in mind that the form fields with name 'table' and 'redirdest' still have a special meaning!

• Single quotes are now also a separator for PR_XXX and COOKIE_XXX placeholders. Hence, something like "Hello, this is 'PR_ME|Ward' speaking" would be correctly translated to either "Hello, this is 'Ward' speaking" if the parameter 'me' was not set - in older versions, the last single quote would mysteriously disappear.

v0.24 (2000.05.23):
New features

• Implemented support for MAGIC string to allow switching off the PREEVAL, PR_, EVAL, LIST and POSTEVAL parsing for each html file seperately. This can improve performance greatly in case of huge html-files, and can be quite useful for debugging purposes.

• Added PREEVAL, EVAL, and POSTEVAL tags that allow insertion of perl into the html files. Start building those queries dynamically!

• Allow the use of < and > in queries

• Column names are now case-insensitive when using sub sqlSelectMany2