Albatross - a Toolkit for Stateful Web Applications

News

27 April 2011 - Albatross 1.42 released

Incompatibilities

New Features

Enhancements

Bug Fixes

15 March 2010 - Albatross 1.40 released

Major Changes

Bug Fixes

Miscellaneous Changes

19 March 2007 - Albatross 1.36 released

New Features

Functional Changes

Bug Fixes

Miscellaneous Changes

20 June 2006 - Albatross 1.35 released

Note that release 1.34 was an internal release.

New Features

Functional Changes

Bug Fixes

16 December 2005 - Albatross 1.33 released
This release contains a security fix:
16 August 2005 - Albatross 1.32 released
This release contains only bugfixes:
31 May 2005 - Albatross 1.30 released
19 October 2004 - Albatross 1.20 released
Changes in this release include:
  • A new BranchingSessionContext application context class, that provides better syncronisation between browser state and application state when the application state is stored server-side.
  • Improved adapters for the different deployment modes (CGI, FastCGI, mod_python, standalone, etc). Application status codes (such as HTTP_INTERNAL_SERVER_ERROR) are now returned to the browser.
  • The page module loader in PageModuleMixin has been reimplemented so that it does not pollute sys.modules. Page modules are now loaded into a synthetic module's namespace, rather than the global module namespace. This will break code that defined classes in page modules and placed instances of those classes into the session.
  • Multi-instance response headers are now supported (so, for example, more than one Cookie can be set. The ResponseMixin.get_header() method now returns a list rather than a single string.
  • ctx.req_equals(name) now checks for name.x if name is not found. This makes using image maps as buttons easier.
  • Under some circumstances, redirect_url() would redirect to incorrect or invalid URLs (for example, an https app would redirect to http) - the URI parsing has been refactored, and this bug has been fixed. Tests were also added for the refactored URI parsing.
  • Several cookie handling bugs were fixed.
20 July 2003 - Albatross 1.10 released
This release contains many new features, most of which are described below.
  • Matt Goodall developed support for deployment of applications via FastCGI. FastCGI applications import their Request class from albatross.fcgiapp.
  • Matt Goodall developed support for standalone deployment of applications via the standard Python BaseHTTPServer module. The al-httpd program can be used to deploy a CGI application as a standalone BaseHTTPServer server.
  • All Albatross exceptions have been redefined to indicate the source of the error; user (UserError), programmer (ApplicationError), or Albatross itself (InternalError). The ServerError exception reports problems related to the session server, SecurityError reports either a programmer error, or a user attempt to access restricted values in the execution context, and TemplateLoadError reports failures to load templates. All of the exceptions inherit from AlbatrossError.
  • All response header management has been moved to the ResponseMixin class. The AppContext class now inherits from ResponseMixin. The Request class no longer tracks whether or not headers have been sent.
  • The Application.run() method no longer unconditionally returns an HTTP response code of 200. The returned response code is retrieved from the Request.status() method. You can call the Request.set_status() method to override the default HTTP response code of 200.
  • The <al-input> tag now supports type="file" input tags. When you use file input tags the enclosing <al-form> tag automatically adds the enctype="multipart/form-data" attribute to the generated <form> tag.
  • The Application.run() method now saves the session before flushing the response to the browser. This allows applications to support dynamically generated images.
  • The exception formatting in Application.handle_exception() has been moved into the format_exception() method. Applications can perform their own exception formatting and/or send formatted exceptions to locations other than the browser.
  • The ExecuteMixin.write_content() method now converts unicode to UTF-8.
  • During NamespaceMixin.eval_expr() the execution context is temporary placed into the local namespace as the variable __ctx__.
  • The <al-lookup> tag now registers the lookup during template parsing rather than during evaluation. This allows template code to make use of lookups that are defined later in the same file. The item dictionary is created the first time that the lookup is used rather than when the template is interpreted.
  • Macro arguments are now evaluated when they are referenced rather than before they are passed to a macro. This removes a limitation where you could not define macros including <al-form> tags that retrieved <al-input> tags from their arguments. Previously the <al-input> tags passed as macro arguments would have been evaluated outside of the context of the form defined in the macro. This effectively made the input tags invisible to the form recorder.
  • The templates reference documentation has been completely restructured to improve clarity. All attributes of each tag have been documented.
28 October 2002 - Albatross 1.01 released
Changes in this release include:
  • Prevent variables starting with an underscore from being merged into the context local namespace from request objects. This prevents attackers spoofing variables such as __page__, and any user variables such as authentication data.
  • Updated documentation to explain underscore prefixed names in execution context are protected from browser modification.
  • Applied bugfix from Detlef Lannert - null attributes would raise a TypeError (for example: <AL-IMG EXPR="..." ALT="">). Once fixed, this exposed another bug where an attribute with a null value would lose it's value altogether (XHTML requires attributes to have a value, null or otherwise).
  • Exception text is now escaped before being sent to browser.
  • The PageModuleMixin does not reload a page module if was previously loaded by unpickling the session. This is to avoid a problem with new code in the Python 2.2 pickle/cPickle module which causes the following to fail.
    import pickle, copy
    o = copy._EmptyClass()
    reload(copy)
    pickle.dumps(o, 1)
       
  • Pickling errors are now trapped by looking for the PickleError exception.
  • Bug prevented nameexpr from being used in <AL-TEXTAREA> and <AL-SELECT>.
  • Radio input was converting "value_attr" to str(), but not "value", which was causing the "checked" test to fail if value was anything but a string. Also changed checkbox input to convert both to strings before doing the comparison.
20 August 2002 - Albatross 1.00 released
Changes in this release include:
  • PageModuleError is raised when a page module is loaded which does not define one of page_enter(), page_leave(), page_process() or page_display().
  • Application merge_request() method now defers browser request merging to the execution context. This allows the RecorderMixin class to define the correct request merging process.
  • Include filename in template load errors - when templates are loaded by any means other than <al-include>, the filename was often not in the traceback.
  • When you use FormRecorderMixin you must now specify LIST attribute on <AL-INPUT> and <AL-TEXTAREA> tags if more than one field in a form has the same name. This also causes the request merging to always place those input values into a list in the local namespace regardless of how many values were sent by the browser. FieldTypeError is raised when LIST attribute value is inconsistent with multiple/singular instances of an input field in a form.
  • Replaced all relative module imports with absolute imports to avoid namespace clashes.
  • Several SessionFileAppMixin portability fixes - use "rb" and "wb" mode on open of session files for windows portability, and improvements to handling of platforms without /dev/urandom.
  • albatross.random module renamed to albatross.randompage.
  • SessionFileAppMixin now checks that the session-id returned from the browser does not contain any filesystem path components that could be used to access files outside the session file directory.
  • Tag constructors are now passed the execution context as the first argument, which makes them consistent with other methods, and allows greater flexibility in code placement.
  • Macros are now registered at load time, rather than execution (to_html) - this allows forward references, and other tricks.
  • New "ellipsis" mode for tree iterator, which are a variant of lazy trees where nodes at shallower levels are progressively collapsed into ellipses as the user opens deeper nodes. The user can reopen the collapsed nodes by selecting an ellipsis.
  • TreeIterators now support get_open_aliases(), get_selected_aliases(), set_open_aliases(), set_selected_aliases() methods to set and get open and selected nodes for the TreeIterator. This allows you to enter a page with tree nodes already open or selected, and also to save the state of the tree for future use.
  • Added a basic /etc/init.d style rc script for the TCP session server. The session server script is now installed to you scripts directory (typically /usr/local/bin). Session server component modules simpleserver and pidfile are now installed into the albatross module directory, along with the rest of albatross.
15 March 2002 - Albatross 0.06 released
Changes in this release include:
  • The template parse has been enhanced to handle attribute values enclosed with either single or double quotes. The enclosing quote character can be used in the attribute string if it is escaped by a backslash ('\'). Attribute values can be broken over multiple lines.
  • All pickles sent to browser are now MD5 signed to detect and prevent modification. New pickle security techniques can be defined by defining a replacement for the PickleSignMixin class.
  • The new RandomPageModuleMixin class now allows you to build applications which use the request URL to determine which page module will be used to process the browser request.
  • A set of classes for implementing file based server side sessions has been added.
  • The simple session server can now be run as a daemon under Unix.
  • Program mainline for mod_python deployment has been simplified. You now hook into mod_python like this:
    def handler(req): 
        return app.run(Request(req))
    instead of this:
    from mod_python import apache 
        :
    def handler(req): 
        app.run(Request(req)) 
        return apache.OK
  • New redirect() execution context method for doing browser redirection.
  • Session saving can be disabled via the new set_save_session() method.
  • The samples have been completely reorganised and documentation updated to make them less confusing. An installation program has been provided to reduce the pain of running the samples.
  • Many documentation improvements.
14 January 2002 - Albatross 0.05 released
Changes in this release include:
  • Many documentation fixes.
  • Documentation for macro tags has been completed.
  • New calendar example extension tag.
  • Fixed infinite recursion bug in nested macro expansion.
  • All interactive examples in documentation are now validated via 'make test' in the doc directory.
  • Lots of new unit tests.
26 December 2001 - Albatross 0.04 released
First public release of Albatross.