Re: [htdig] small patch to allow_in_form feature

Alexander Bergolth
Wed, 3 Feb 1999 14:39:06 +0100 (MEZ)

On Tue, 2 Feb 1999, Gilles Detillieux wrote:

> According to Alexander Bergolth:
> > I changed config["allow_in_form"] to input->get(form_vars[i]) in
> > Display::setVariables and in Display::createURL.
> Wait, no, setVariables() should still use config[form_vars[i]], not
> input->get(form_vars[i])!

Once again, you are right...
That must be the weather, I didn't do anything clever yesterday... :)

> Of course, the allow_in_form attribute itself should only be read from
> the config dictionary, and not the input dictionary, because you don't
> want users to be able to override it!

In the for-loops only the list of variables that are specified in the
allow_in_form attribute are processed anyway. So if you don't say
something like
allow_in_form: foo bar allow_in_form
in the config file, nobody should be able to override this via query


Alexander (Leo) Bergolth
WU-Wien - Zentrum fuer Informatikdienste
Info Center
In a world without walls and fences, who needs windows and gates?
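
The rule discussed in this thread, as an added example that is not part of the original message and not ht://Dig's own code: the allow list is read from the config dictionary only, and query input may override only the names it lists. The `Dict` type, the function names and the sample values are hypothetical, and skipping a self-listed `allow_in_form` is an added hardening assumption.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>

using Dict = std::map<std::string, std::string>;

// Hypothetical helper (not ht://Dig's API): split a whitespace-separated list.
static std::set<std::string> split_words(const std::string &s) {
    std::set<std::string> out;
    std::istringstream in(s);
    for (std::string w; in >> w;) out.insert(w);
    return out;
}

// Return the effective settings: config values, overridden by query
// parameters only for names listed in the config's allow_in_form.
Dict apply_form_overrides(const Dict &config, const Dict &input) {
    Dict effective = config;
    // The allow list comes from the config dictionary only, never from input.
    auto it = config.find("allow_in_form");
    if (it == config.end()) return effective;
    for (const std::string &name : split_words(it->second)) {
        // Added hardening (assumption): even when the config lists
        // allow_in_form inside itself, a query must not replace it.
        if (name == "allow_in_form") continue;
        auto q = input.find(name);
        if (q != input.end()) effective[name] = q->second;
    }
    return effective;
}

// Constructed sample data: the config deliberately lists allow_in_form in itself.
Dict sample_config() {
    return {{"allow_in_form", "foo bar allow_in_form"},
            {"foo", "1"}, {"bar", "2"}, {"secret", "s"}};
}
// Constructed query that tries to change an unlisted name and the allow list.
Dict sample_query() {
    return {{"foo", "10"}, {"secret", "x"}, {"allow_in_form", "secret"}};
}

int main() {
    Dict e = apply_form_overrides(sample_config(), sample_query());
    for (const auto &kv : e) std::cout << kv.first << ": " << kv.second << "\n";
}
```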


This archive was generated by hypermail 2.0b3 on Wed Feb 10 1999 - 17:09:05 PST