Gossamer Forum
GT::CGI
Hmm, I am just writing a plugin for someone and am submitting a form from a template, and the form contains things like:

<input type="text" name="foo" value="<%if foo%><%foo%><%endif%>">

...when the form processing is done, I'm returning to the same template with:

print Links::SiteHTML::display('my_template');

...as you can see, I'm not passing in any tags, but all the form fields are auto-filled in using the posted form parameters. It seems the parser is automatically turning input parameters into tags?

Well, that wasn't the main reason I posted... I don't want the fields to be filled in after the form processing, so I decided I must have to nuke the input parameters. After a bit of playing I realised a useful subroutine that is present in CGI.pm was missing from GT::CGI:

$IN->delete_all;

...will delete all parameters in CGI.pm, but GT::CGI gives an unknown method error =(

I'm having to use this:

# A method call is not an lvalue in Perl, so "$IN->param($_) = ''" will not compile;
# blank each field with the two-argument (name, value) form of param() instead.
$IN->param($_, '') for qw/my params go here/;

Does GT::CGI contain anything like the delete_all method?

Sorry if this is the wrong place to post - I wasn't sure whether I should post here or the plugin authors forum - it's not really plugin author specific though.
Re: [Paul] GT::CGI
... Sort of.

You can call $IN->reset_env(), and then $IN = GT::CGI->new, and you'll have a new, empty object.

Jason Rhinelander
Gossamer Threads
jason@gossamer-threads.com
Re: [Jagerman] GT::CGI
Hmm, thanks. I think I may stick with the for() loop for now. Would it be possible to add a delete_all method in the future?
Re: [Jagerman] GT::CGI
Hi,

This is something that has come up in the Links area several times, in several different ways.

In some situations, tags are being passed that you might not want to pass, and in other cases, tags are being screened out that you really want to pass.

I've called a few instances to Alex's attention from the forum, but if you do look at the added routine to GT::CGI, maybe you would take a look at the routines that call into the "display" routines, and see if they could all be lined up to do the same thing (or behave the same way).

As the program gets more complicated, and things like COMMUNITY are added on, security (both from a server and a peace-of-mind standpoint) becomes important. Especially in the display routines, it's important to have consistency.

GT::Template::dump should also have a warning to wrap it in some <%if status eq 'admin'%> type code, before use, because a *lot* of sensitive information is now given out when the parser does a dump. Maybe that should even be a default -- user has to be logged in as an admin before the dump is allowed to happen.

Just some thoughts on a rising concern.

PUGDOG® Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.