From: Chris N. <pu...@po...> - 2001-01-03 19:18:58
At 16:45 +0200 2001.01.02, Alessio Bragadini wrote:
>This has been ported to Bender:
>
>plugins/Slash-Admin/dump:11:INSERT INTO templates VALUES
>('','otherLinks','admin','default','eng','<LI><A HREF=\"[%
>constants.rootdir %]/search.pl?topic=[% tid
>%]\">More on [% topic.alttext %]</A></LI>\r\n<LI><A HREF=\"[%
>constants.rootdir
>%]/search.pl?author=[% aid %]\">Also by [% aid
>%]</A></LI>',500,'',NULL);

In bender, to escape data in a URL parameter, use fixparam. For example:

    [% FILTER fixparam; aid; END %]

Or in Perl:

    fixparam($aid)

Similarly, for TEXTAREA contents always use "strip_literal", for form
elements (INPUT VALUE="...") always use "strip_attribute". This is all
documented in the Slash::Utility manpage, and in the Slash::Display manpage.

It is better to not pre-filter variables before passing them to a template.
I.e., for a while we were doing:

    slashDisplay('template', {
        aid_param => fixparam($aid),
        aid_form  => strip_attribute($aid),
    });

We've instead been moving toward passing plain variables, and leaving it to
the template to fix them with the proper filter.

--
Chris Nandor pu...@po... http://pudge.net/
Open Source Development Network pu...@os... http://osdn.com/
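
The context-specific escaping described in the message above, sketched in plain Perl as an added example (not code from the original post or from Slash). The subs url_param_escape, html_attr_escape and html_text_escape are hypothetical stand-ins for the roles of fixparam, strip_attribute and strip_literal, the TEXTAREA name is made up, and the sample value is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-ins for the roles of fixparam, strip_attribute and
# strip_literal. They are NOT Slash's implementations.
my %ENT = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
           '"' => '&quot;', "'" => '&#39;');

# URL parameter context: percent-encode every byte outside the
# RFC 3986 unreserved set.
sub url_param_escape {
    my ($s) = @_;
    utf8::encode($s);    # work on bytes so non-ASCII becomes %XX%XX
    $s =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord $1)/ge;
    return $s;
}

# Attribute context (INPUT VALUE="..."): quotes must be encoded too.
sub html_attr_escape {
    my ($s) = @_;
    $s =~ s/([&<>"'])/$ENT{$1}/g;
    return $s;
}

# Element content context (TEXTAREA body): encode markup characters.
sub html_text_escape {
    my ($s) = @_;
    $s =~ s/([&<>])/$ENT{$1}/g;
    return $s;
}

# Plays the part of the template: it receives the raw value and applies
# the escaper that matches each output slot.
sub render {
    my ($aid) = @_;
    return join "\n",
        '<A HREF="/search.pl?author=' . url_param_escape($aid) . '">Also by '
            . html_text_escape($aid) . '</A>',
        '<INPUT NAME="aid" VALUE="' . html_attr_escape($aid) . '">',
        '<TEXTAREA NAME="note">' . html_text_escape($aid) . '</TEXTAREA>';
}

my $aid = 'Tom & "Jerry" <tj>';    # constructed sample value
print render($aid), "\n\n";

# Pre-filtering in the caller and filtering again in the template
# encodes twice, and an attribute-escaped value is wrong in a URL slot.
print 'double:        ', url_param_escape(url_param_escape($aid)), "\n";
print 'wrong context: /search.pl?author=', html_attr_escape($aid), "\n";
```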