Function Scope

 

The scope of a function - where it is "visible" and may be called from - can be altered with one of the following attributes after the NAME attribute in its declaration, in decreasing order of visibility:

  • PUBLIC A PUBLIC function is visible everywhere - to the file it is declared in, to other linked-in modules or scripts (see here for a discussion of library modules), and to users, i.e. it may be the start function for a script.

  • EXPORT An EXPORT function (not to be confused with the EXPORT directive, here) is visible to the file it is declared in, and to other linked-in modules or scripts. However it is not visible to the user, and therefore cannot be the start function. The EXPORT attribute is used in library modules to make sensitive functions available to other scripts but not to the outside world. The EXPORT attribute is available in version 2.6.936300000 19990902 and later.

  • PRIVATE A PRIVATE function is visible only to the file it is declared in. It cannot be a start function, nor can other linked modules or scripts see it. Indeed other modules could redeclare their own distinct function with the same name.

An attempt to call a function outside its scope will have the same result as if the function doesn't exist. For example, trying enter a script at a PRIVATE or EXPORT function will start at main instead. PRIVATE functions provide a measure of security by preventing web users from entering a script at an unintended point. For example, a function such as this:

<A NAME=deluser PRIVATE>
  <SQL NOVARS "delete from users where User = $User">
  </SQL>
  User $User was deleted.
</A>

could be dangerous if invoked by the user at a point not controlled by the script: the $User variable might not have been verified. For similar reasons, all user and builtin functions are inherently PRIVATE. However, the script function main must always be PUBLIC, as it is the default start point.

If a function does not have its scope declared, Vortex will try to default it to PRIVATE, as an additional security measure. However, this is not always possible, for back-compatibility reasons. Thus it is wise to declare explicitly the scope of all functions, and to use the lowest scope possible (e.g. PUBLIC only if specifically required). A function is PRIVATE if the following is true:

  • It is explicitly declared PRIVATE, or

  • It has parameters, or

  • One or more other functions in the script have their scope declared explicitly

otherwise it is PUBLIC. These arcane rules maintain back-compatibility with Vortex versions prior to 2.1.895000000 19980513, where all script functions were PUBLIC (and had no parameters). Again, it's easier to simply always declare function scopes explicitly.


Copyright © Thunderstone Software     Last updated: Dec 10 2018
Copyright © 2019 Thunderstone Software LLC. All rights reserved.