Malcolm Tredinnick wrote:
> On Wed, 2006-10-11 at 21:33 -0500, Patrick J. Anderson wrote:
> [...]
>> I guess the concept of approving members needs to be refined. My project
>> has some "special" requirements and this is one of them.
>
> There's no problem with special requirements. My point was that it's not
> at all secure to include that value as a hidden input form variable. If
> it should be set to False upon creation, do that in the save() method or
> in the view function that processes the form submission. Putting the
> value in the form and trusting what is submitted means that people will
> be able to approve themselves if they have a few clues about how web
> form submission works and the inclination to do so.
>
>> On the value of {{ object.is_approved }}: I see None for "Unknown", 1
>> for "Yes" and 0 for "No". I'm not sure why either.
>
> I guess one question to ask here is whether "object" in your example is
> a form manipulator or the model instance itself. If it's a form
> manipulator, then you are referencing a form field instance, not the model
> field. If it's the model field, I would expect the value in a template
> to be the same as the value if I print object.is_approved at a shell
> prompt (which will be a boolean or None). Looking at what you are
> reporting, it sounds like you are referencing a manipulator there, which
> changes things.
>
> Regards,
> Malcolm

Thanks for your comments, Malcolm. I realize that a determined person could submit an altered form and edit other profiles.
I guess this is not a Django-specific question, but what would be the best way of preventing that from happening?
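
Added example, not part of the original thread: a plain-Python stand-in for the view that processes the form, contrasting a handler that trusts the hidden is_approved value and a submitted profile id with one that takes the target from the session and copies only whitelisted fields. Every name here (EDITABLE_FIELDS, the update_profile_* and create_profile functions, the sample profiles) is an assumption made for illustration.

```python
# Constructed illustration: plain Python standing in for a Django view.
# All names and the sample data are assumptions, not code from the thread.

# Fields a member may edit; is_approved and user_id are set server-side only.
EDITABLE_FIELDS = {"display_name", "bio"}

def make_profiles():
    """Constructed sample store: profile id -> record."""
    return {
        1: {"user_id": 1, "display_name": "alice", "bio": "", "is_approved": True},
        2: {"user_id": 2, "display_name": "bob", "bio": "", "is_approved": False},
    }

def update_profile_trusting(profiles, post):
    """'Before': every submitted value, hidden inputs included, is trusted."""
    profile = profiles[int(post["profile_id"])]  # target chosen by the client
    for key, value in post.items():
        if key != "profile_id":
            profile[key] = value                 # is_approved is copied too
    return profile

def update_profile_hardened(profiles, session_user_id, post):
    """'After': target comes from the session, only whitelisted fields are copied."""
    profile = next(p for p in profiles.values() if p["user_id"] == session_user_id)
    for key in post.keys() & EDITABLE_FIELDS:
        profile[key] = post[key]
    return profile

def create_profile(profiles, session_user_id, post):
    """New profiles start unapproved regardless of what the form submitted."""
    profile = {"user_id": session_user_id, "display_name": "", "bio": "",
               "is_approved": False}
    for key in post.keys() & EDITABLE_FIELDS:
        profile[key] = post[key]
    profiles[max(profiles, default=0) + 1] = profile
    return profile

# Constructed altered submission: sent from bob's session (user 2), but naming
# alice's profile and carrying the hidden approval flag.
TAMPERED_POST = {"profile_id": "1", "display_name": "bob-was-here", "is_approved": "1"}

if __name__ == "__main__":
    before, after = make_profiles(), make_profiles()
    update_profile_trusting(before, TAMPERED_POST)
    update_profile_hardened(after, 2, TAMPERED_POST)
    print("trusting handler:", before)
    print("hardened handler:", after)
```
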