The scope of a function - where it is "visible" and may be called
from - can be altered with one of the following attributes after the
NAME attribute in its declaration, in decreasing order of
PUBLICfunction is visible everywhere - to the file it is declared in, to other linked-in modules or scripts (see here for a discussion of library modules), and to users, i.e. it may be the start function for a script.
EXPORTfunction (not to be confused with the
EXPORTdirective, here) is visible to the file it is declared in, and to other linked-in modules or scripts. However it is not visible to the user, and therefore cannot be the start function. The
EXPORTattribute is used in library modules to make sensitive functions available to other scripts but not to the outside world. The
EXPORTattribute is available in version 2.6.936300000 19990902 and later.
PRIVATEfunction is visible only to the file it is declared in. It cannot be a start function, nor can other linked modules or scripts see it. Indeed other modules could redeclare their own distinct function with the same name.
An attempt to call a function outside its scope will have the same
result as if the function doesn't exist. For example, trying to enter a
script at a
EXPORT function will start at
PRIVATE functions provide a measure of
security by preventing web users from entering a script at an
unintended point. For example, a function such as this:
<A NAME=deluser PRIVATE>
<SQL NOVARS "delete from users where User = $User">
User $User was deleted.
could be dangerous if invoked by the user at a point not
controlled by the script: the
$User variable might not have
been verified. For similar reasons, all user and builtin functions
PRIVATE. However, the script function
main must always be
PUBLIC, as it is the default start
If a function does not have its scope declared, Vortex will try to
default it to
PRIVATE, as an additional security measure.
However, this is not always possible, for back-compatibility reasons.
Thus it is wise to declare explicitly the scope of all
functions, and to use the lowest scope possible (e.g.
only if specifically required). A function is
the following is true:
otherwise it is
PUBLIC. These arcane rules maintain
back-compatibility with Vortex versions prior to 2.1.895000000 19980513, where all script functions were
PUBLIC (and had no
parameters). Again, it's easier to simply always declare function