Hi,
The only way to make this safe from CGI input (as by default any CGI input can be used in a tag) is to add the following global:
is_logged_in => sub { return $USER ? 1 : 0 }
and then do:
<%if is_logged_in%>
..
<%endif%>
CGI input cannot override globals, so even if someone passes in is_logged_in=1 in the query string, it won't work.
Cheers,
Alex
--
Gossamer Threads Inc.
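
The precedence rule described in the post above, as an added example that is not part of the original post and is not Gossamer Threads code. It is a simplified model: `resolve_tags`, `render` and the `logged_in` tag are hypothetical names, and the merge order (globals applied last) is an assumption standing in for the real template engine.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Simplified model of tag lookup, NOT the real template engine.
# Assumption: tags resolve from one merged table in which globals are
# applied last, so a request parameter can never shadow a global.
sub resolve_tags {
    my ($cgi_input, $globals) = @_;
    my %tags = (%$cgi_input, %$globals);   # later keys win: globals override CGI
    return \%tags;
}

# Minimal <%if name%> ... <%endif%> renderer (no nesting, no else).
sub render {
    my ($template, $tags) = @_;
    $template =~ s{<%if\s+(\w+)%>(.*?)<%endif%>}{
        my ($name, $body) = ($1, $2);
        my $val = $tags->{$name};
        $val = $val->() if ref $val eq 'CODE';   # code-ref globals are evaluated
        $val ? $body : '';
    }gse;
    return $template;
}

our $USER;   # undef means nobody is logged in (set by the session layer in a real app)

my %globals = (
    is_logged_in => sub { return $USER ? 1 : 0 },
);

# Constructed request: an anonymous visitor sends ?is_logged_in=1&logged_in=1
my %cgi  = (is_logged_in => 1, logged_in => 1);
my $tags = resolve_tags(\%cgi, \%globals);

# "logged_in" (hypothetical tag) has no global behind it, so the query string controls it.
print "plain tag,  anonymous: [", render('<%if logged_in%>members only<%endif%>', $tags), "]\n";

# "is_logged_in" is a global, so the forged parameter is ignored.
print "global tag, anonymous: [", render('<%if is_logged_in%>members only<%endif%>', $tags), "]\n";

# With a real session the global evaluates true.
$USER = { username => 'alex' };   # constructed sample user
print "global tag, logged in: [", render('<%if is_logged_in%>members only<%endif%>', $tags), "]\n";
```

Only the first line renders the protected body for the anonymous request, which is why an access check in a template should test a global backed by server-side session state rather than any tag a request parameter can supply.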