[web2py] Re: Bug? SQLFORM.factory and SQLFORM differ in handling of hidden form fields

2011-01-18 Thread Massimo Di Pierro 
This is a bug. Would you please post your bug report email on
googlecode? I will fix it asap.

On Jan 18, 12:23 pm, Nathan VanHoudnos  wrote:
> Hi,
>
> A minimal example:
>     likertRightAnswer = ['Yes', 'No', 'Impossible to tell']
>
>     form = SQLFORM.factory(
>         Field('rightAnswer',
>               widget=horizontal_radios,
>               requires=IS_IN_SET(likertRightAnswer,
>                                  error_message=T('Please choose a
> response.'))),
>         hidden={'timestart':request.now.strftime('%Y-%m-%d %H:%M:%S')}
>         )
>
> In this case, BEAUTIFY(request.post_vars) will include, timestart and
> rightAnswer, but BEAUTIFY(form.vars) will only include rightAnswer.
>
> If we instead setup the appropriate db as db.ratings, and then do:
>     likertRightAnswer = ['Yes', 'No', 'Impossible to tell']
>
>     form = SQLFORM(db.ratings,
>         hidden={'timestart':request.now.strftime('%Y-%m-%d %H:%M:%S')}
>         )
>
> In this case, both BEAUTIFY(request.post_vars) and BEAUTIFY(form.vars) will
> both include timestart and rightAnswer.
>
> The second behavior is "more expected" at least to me.
>
> Right now, I'm using request.post_vars.timestart to access the value after
> the form.accepts call, but this feels like I'm hacking something together.
>
> And it essentially circumvents the security feature discussed in this
> thread:
>
> http://groups.google.com/group/web2py/browse_thread/thread/ab21d9d216...
>
> So is this a bug? Or should I be doing something different? (My application
> creates a bunch of little temporary forms and I don't want to bloat
> the data-store with them.)
>
> Cheers,
> --
> Nathan VanHoudnos
> |- Statistics & Public Policy PhD student
> |- Program for Interdisciplinary Education Research (PIER) Fellowship
> |- Carnegie Mellon University
> |-http://www.andrew.cmu.edu/user/nmv
>
> "Neglect of mathematics works injury to all knowledge,
>  since he who is ignorant of it cannot know the other
>  sciences or the things of this world." -- Roger Bacon

Re: [web2py] Re: Bug? SQLFORM.factory and SQLFORM differ in handling of hidden form fields

2011-01-20 Thread Nathan VanHoudnos 
Done: http://code.google.com/p/web2py/issues/detail?id=162

Thanks!

On Tue, Jan 18, 2011 at 4:29 PM, Massimo Di Pierro <
massimo.dipie...@gmail.com> wrote:

> This is a bug. Would you please post your bug report email on
> googlecode? I will fix it asap.
>
> On Jan 18, 12:23 pm, Nathan VanHoudnos  wrote:
> > Hi,
> >
> > A minimal example:
> > likertRightAnswer = ['Yes', 'No', 'Impossible to tell']
> >
> > form = SQLFORM.factory(
> > Field('rightAnswer',
> >   widget=horizontal_radios,
> >   requires=IS_IN_SET(likertRightAnswer,
> >  error_message=T('Please choose a
> > response.'))),
> > hidden={'timestart':request.now.strftime('%Y-%m-%d %H:%M:%S')}
> > )
> >
> > In this case, BEAUTIFY(request.post_vars) will include, timestart and
> > rightAnswer, but BEAUTIFY(form.vars) will only include rightAnswer.
> >
> > If we instead setup the appropriate db as db.ratings, and then do:
> > likertRightAnswer = ['Yes', 'No', 'Impossible to tell']
> >
> > form = SQLFORM(db.ratings,
> > hidden={'timestart':request.now.strftime('%Y-%m-%d %H:%M:%S')}
> > )
> >
> > In this case, both BEAUTIFY(request.post_vars) and BEAUTIFY(form.vars)
> will
> > both include timestart and rightAnswer.
> >
> > The second behavior is "more expected" at least to me.
> >
> > Right now, I'm using request.post_vars.timestart to access the value
> after
> > the form.accepts call, but this feels like I'm hacking something
> together.
> >
> > And it essentially circumvents the security feature discussed in this
> > thread:
> >
> > http://groups.google.com/group/web2py/browse_thread/thread/ab21d9d216...
> >
> > So is this a bug? Or should I be doing something different? (My
> application
> > creates a bunch of little temporary forms and I don't want to bloat
> > the data-store with them.)
> >
> > Cheers,
> > --
> > Nathan VanHoudnos
> > |- Statistics & Public Policy PhD student
> > |- Program for Interdisciplinary Education Research (PIER) Fellowship
> > |- Carnegie Mellon University
> > |-http://www.andrew.cmu.edu/user/nmv
> >
> > "Neglect of mathematics works injury to all knowledge,
> >  since he who is ignorant of it cannot know the other
> >  sciences or the things of this world." -- Roger Bacon
>



-- 
Nathan VanHoudnos
|- Statistics & Public Policy PhD student
|- Program for Interdisciplinary Education Research (PIER) Fellowship
|- Carnegie Mellon University
|- http://www.andrew.cmu.edu/user/nmv

"Neglect of mathematics works injury to all knowledge,
 since he who is ignorant of it cannot know the other
 sciences or the things of this world." -- Roger Bacon