From: Chris N. <pu...@po...> - 2001-01-03 19:18:58
At 16:45 +0200 2001.01.02, Alessio Bragadini wrote:
>This has been ported to Bender:
>
>plugins/Slash-Admin/dump:11:INSERT INTO templates VALUES
>('','otherLinks','admin','default','eng','<LI><A HREF=\"[%
>constants.rootdir %]/search.pl?topic=[% tid
>%]\">More on [% topic.alttext %]</A></LI>\r\n<LI><A HREF=\"[%
>constants.rootdir
>%]/search.pl?author=[% aid %]\">Also by [% aid
>%]</A></LI>',500,'',NULL);

In bender, to escape data in a URL parameter, use fixparam. For example:

    [% FILTER fixparam; aid; END %]

Or in Perl:

    fixparam($aid)

Similarly, for TEXTAREA contents always use "strip_literal", for form
elements (INPUT VALUE="...") always use "strip_attribute". This is all
documented in the Slash::Utility manpage, and in the Slash::Display manpage.

It is better to not pre-filter variables before passing them to a template.
i.e., for a while we were doing:

    slashDisplay('template', {
        aid_param => fixparam($aid),
        aid_form  => strip_attribute($aid),
    });

We've instead been moving toward passing plain variables, and leaving it to
the template to fix them with the proper filter.

-- 
Chris Nandor pu...@po... http://pudge.net/
Open Source Development Network pu...@os... http://osdn.com/
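
The approach described in the message above, as an added example that is not part of the original post and is not Slash's own code: one plain variable is passed to a Template Toolkit template, and the filter is chosen at each point of use according to the output context. The subs `demo_fixparam` and `demo_strip_attribute` are simplified stand-ins written for this example (assumptions, registered under the filter names the message uses); the sample `aid` value and the markup are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;    # Template Toolkit, from CPAN

# Stand-ins for illustration only; these are NOT Slash's implementations.

# URL-parameter context: percent-encode every byte outside the
# RFC 3986 unreserved set, so '&', '=', '"' and spaces cannot alter the query.
sub demo_fixparam {
    my ($text) = @_;
    utf8::encode($text) if utf8::is_utf8($text);
    $text =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord $1)/ge;
    return $text;
}

# Attribute context: entity-encode the characters that can close the
# quoted value or open new markup.
sub demo_strip_attribute {
    my ($text) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$ent{$1}/g;
    return $text;
}

# Register the stand-ins as static filters under the names used in the message.
my $tt = Template->new({
    FILTERS => {
        fixparam        => \&demo_fixparam,
        strip_attribute => \&demo_strip_attribute,
    },
}) or die Template->error;

# The same plain variable appears in two contexts; each use picks its filter.
my $template = <<'EOT';
<A HREF="/search.pl?author=[% FILTER fixparam; aid; END %]">Also by author</A>
<INPUT TYPE="text" NAME="aid" VALUE="[% FILTER strip_attribute; aid; END %]">
EOT

# Constructed sample value containing both URL and HTML metacharacters.
my %vars = (aid => q{a&b="x" <c>});

# The caller passes the raw value; no pre-filtered copies are needed.
$tt->process(\$template, \%vars) or die $tt->error;
```

Because the caller passes only the raw `aid`, adding a third output context later means editing the template alone, not every `slashDisplay`-style call site.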