Hi, According to the documentation for Formbuilder, you can use $c->form->field to retrieve a listing of all the field names and values. My question is this; is this hash filtered against your *.fb configuration file or will it be populated from anything that shows up in the query parameters?
It matters to me for security reasons. My experiences seem to indicate that it is indeed limited to the form.fb configuration file but I'm not sure from looking at the source code. The reason I'd like to know this is that for most of my simple forms (and I have a lot of them) I do things like: my @fields = (qw/title summary/); $c->form->field(name => $_, value => $wiki->$_) for @fields; where $wiki is a DBIx::Row. I'd like to know if it's safe to autogenerate that @fields from $c->form->field. If that is going to be anything from the query parameters than I can't trust it, but if it comes from the *.fb file I control then I can. Thanks! John __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ List: [email protected] Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
