Because this easily confuses syntax highlighters and some humans with
the q// string syntax. Also for consistency with the 'fu->sql()'
aliases.
The old names are still available as alias.
URI, JSON and formdata decoding no longer checks for control characters,
but FU::Validate now rejects control characters by default. This
decouples semantic validation from format parsing and gives better
control over when control characters are allowed.
Reason for this is that, with FU::SQL, it's possible to accidentally
introduce a bind parameter when a WHERE clause was intended (i.e.
"WHERE $1"). That's pretty bad, but can easily be caught by simply not
accepting *every* possible value as boolean.
Turns out VNDB has a few places where request data is directly used for
column names in VALUES/SET/WHERE clauses. These are already restricted
to known strings through the use of FU::Validate, but an extra layer of
protection seems warranted here.
Turns out this is necessary even if the fd is going to be passed through
exec() soon, because the supervisor might receive multiple fds before
spawning another process, in which case all of them are going to be
passed to the new process instead of just one.
And use it for automatic output compression in FU, as (potentially)
faster alternative to Compress::Raw::Zlib.
Was also planning to maybe add support for Zstd or Brotli, but given the
performance of libdeflate, I'm not sure that's really necessary. Brotli
does tend to do a better job at compressing HTML, though.
I'm breaking stuff left and right while I still can.
Idea: "key_names" validation?
Idea: "tuple" validation that works like "keys" but for arrays.
(i.e. { tuple => { $index => $schema } }, could make "missing" and
"unknown" work for arrays, too)
This allows all built-in options to be duplicated inside a single
schema, the semantics of which are the same as the kind of merging
done as part of inheriting options from custom validations.
This also causes all 'keys' and 'values' validation schemas to be
merged, which changes error messages a bit but is great for
introspection. Probably slightly improves performance as well.
API is not super convenient and implementation is lousy, but uploading
files is not a super common operation so that should be fine.
At least it supports large files with only a single in-memory copy.
