[SPT/CWIS] URL overrides of SysConfig
Kucera, Rich
Kucerar at hhmi.org
Tue May 6 08:42:23 CDT 2008
> I would be very hesitant to incorporate code that allows all of the
> configuration values to be overridden via values included in the URL,
> as it will very likely open up your system to "injection" attacks, and
> at minimum takes control of many of the system configuration options
> out of your hands.
[R >> ]
Good point. Will restrict to only the options I need. Though I didn't see
anything in there that looked harmful. Will look again.
> You want the UI set on a per-user basis? Or for it to change for all
> users at once?
[R >> ]
All users regardless. I need the flexibility based on URL.
>
> As much as we've been trying to move to REST-style stateless
> operation, setting the UI on a per-user basis for users that aren't
> logged in strikes me as something that should be handled by storing
> something in the user environment (presumably directly or indirectly
> via a cookie); appending a UI value to all internal links is probably
> going to be an ongoing headache to maintain.
[R >> ]
I didn't mention that for my case this is a very simple external interface handled
via remote Smarty templates. This is a case where a 3rd party is
constructing templates according to their document model with runtime
dependencies on their Apache/SSI/CGI. I can't have the whole thing inside
CWIS. I simply deleted everything in StartPage, EndPage, Advanced and
AdvancedSearch, get template variables from the CWIS components and grab
the remote template over HTTP. In some cases I imagine it can be pretty
fine-grained with CWIS callbacks calling remote templates to get snippets. I
couldn't imagine doing this without CacheLite though...it is slow.
The PHP/CWIS/Smarty solution also has to demonstrate advantages over other
frameworks/languages.
On the contrary, by doing this I'm looking to remove an ongoing maintenance
headache.
-Rich
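
An added illustration of the restriction discussed in this exchange (not part of the original message and not CWIS code): URL overrides limited to a per-key allowlist, with each value validated before it replaces the stored setting. The function names, configuration keys and allowed values are hypothetical.

```php
<?php
// Hypothetical names throughout: url_override_rules(), apply_url_overrides(),
// the config keys and the allowed values are constructed for illustration.

// Each overridable key maps to a validator that returns the cleaned value,
// or null to reject. Keys absent from this map can never be set from the URL.
function url_override_rules(): array
{
    return [
        // UI name must match a fixed set, so it can never become a file path.
        'UI' => function (string $v) {
            $allowed = ['default', 'partner'];
            return in_array($v, $allowed, true) ? $v : null;
        },
        // Numeric option: integer within a bounded range only.
        'ResultsPerPage' => function (string $v) {
            $n = filter_var($v, FILTER_VALIDATE_INT,
                ['options' => ['min_range' => 5, 'max_range' => 100]]);
            return $n === false ? null : $n;
        },
    ];
}

function apply_url_overrides(array $config, array $query): array
{
    foreach (url_override_rules() as $key => $validate) {
        // Skip absent keys and non-string input such as ?UI[]=x
        if (!array_key_exists($key, $query) || !is_string($query[$key])) {
            continue;
        }
        $clean = $validate($query[$key]);
        if ($clean !== null) {
            $config[$key] = $clean;
        }
    }
    return $config;
}

// Constructed sample: stored settings and a query string as PHP parses it.
$stored = ['UI' => 'default', 'ResultsPerPage' => 20,
           'AdminEmail' => 'admin@example.org'];
$query  = ['UI' => 'partner', 'ResultsPerPage' => '5000',
           'AdminEmail' => 'someone@example.net'];

// Only 'UI' changes: the page size is out of range, AdminEmail is not listed.
var_dump(apply_url_overrides($stored, $query));
```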