
Forum OpenACS Development: export_vars -entire_form can be dangerous...


Since export_vars calls subst over your vars (for the case that you want to put square brackets etc. in your override strings etc.), if you use the -entire_form flag you might be surprised with the outcome of, say, a content field that happens to have square brackets.

This could lead to bad things...

I suggest that subst should not be applied to values pulled in magically by entire_form - possibly not at all.

Opinions?
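
The behaviour described in the post above, as an added Tcl example that is not part of the original thread and is not OpenACS code: the procs `export_with_subst` and `export_split`, the helper `marker`, and the sample values are hypothetical stand-ins that contrast running subst on a submitted form value with treating form values as literal data and reserving subst for developer-written overrides. URL encoding is left out to keep the focus on substitution.

```tcl
# Simplified stand-ins for illustration; NOT the OpenACS implementation.
# Requires Tcl 8.5+ (dict).

# Hypothetical helper: records that it ran, so evaluation is observable.
set ::side_effects {}
proc marker {} {
    lappend ::side_effects "marker ran"
    return "EVALUATED"
}

# Pattern from the post: every value goes through subst in the caller's
# scope, so [..] and $.. inside submitted text are interpreted.
proc export_with_subst {name value} {
    set value [uplevel 1 [list subst $value]]
    return "$name=$value"
}

# Safer split: form values are copied as literal data; only override
# strings written by the developer are passed through subst.
proc export_split {form overrides} {
    set out {}
    dict for {name value} $form {
        lappend out "$name=$value"
    }
    dict for {name value} $overrides {
        lappend out "$name=[uplevel 1 [list subst $value]]"
    }
    return [join $out &]
}

# Constructed sample data: a caller-scope variable and a submitted
# content field that happens to contain square brackets and a dollar sign.
set secret "caller-scope-value"
set user_id 42
set content {See [marker] and $secret}

puts "subst on form value : [export_with_subst content $content]"
puts "side effects so far : $::side_effects"

set ::side_effects {}
puts "literal form value  : [export_split \
    [dict create content $content] \
    [dict create owner {user-$user_id}]]"
puts "side effects after  : $::side_effects"
```

In the first call the bracketed text is executed and the caller's variable is interpolated into the exported value; in the second the content field comes through unchanged while the developer's override is still expanded.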

Posted by Mark Aufflick on
Excuse my really bad uplevel hacking, but the following does the trick:

replace

set value [uplevel subst \{[lindex $var_spec 1]\}]
with:

set value [uplevel set fasldkjflaskd \{[lindex $var_spec 1]\}]
if {[info exists form_var_list] && [lsearch [lindex $var_spec 1] $form_var_list] > 0} {
    # don't run subst on auto included form vars
    set value [subst {$value}]
}

Posted by Mark Aufflick on
Sorry everyone - wasn't thinking that I was working on a 4.2 codebase at the time - exactly this conceptual change has been made much in 5.1 at least.