Aiki markup already supported GET[key] and POST[key]. Are you just changing the syntax by wrapping it in another pair of brackets? What is new here?
- Christopher On Sun, Aug 28, 2011 at 4:45 AM, Roger Martín <[email protected]> wrote: > Hi folks! > > In revision 891 i have added a undocumented feature. Now you can insert and > use in widget POST ang GET values, witth this syntax: > - [GET[key]] > - [POST[key]] > > For example: > <form id="search"><input type='text' name='search' value='[GET[search]]'> > > with this url www.aiki.org/sitemap?page=4 > (sql( > (select i from anytable limit [GET[page]]000, 1000.... > )sql) > > (jakub, i'm not sure this will work...) > > This feature can be useful, but can be a open door to script and sql > injection. > what do you think? remove? maintain? sanitze (not allowing ')? > > roger > > _______________________________________________ > Mailing list: https://launchpad.net/~aikiframework-devel > Post to : [email protected] > Unsubscribe : https://launchpad.net/~aikiframework-devel > More help : https://help.launchpad.net/ListHelp > > -- ——— christopher adams 86 186 1172 0021 | 1 646 201 3335 49 15 156 219931 | 886 953 036 630 chris.raysend.com
_______________________________________________ Mailing list: https://launchpad.net/~aikiframework-devel Post to : [email protected] Unsubscribe : https://launchpad.net/~aikiframework-devel More help : https://help.launchpad.net/ListHelp
