(I believe you wrote this in reply to my mail. My mail client didn't
detect that so I apologize if I'm mistaken.)
On 13.Jun.2001 -- 06:50 PM, Jason Foster wrote:
> One suggestion might be to switch from using Request attributes to using
> Session attributes. The reason is, as you said, that request attributes
> can't survive a redirect.
You're right. However there are three points I would like to be
considered. First, I don't like the idea of parameters coming from the
client to pop up in the environment. I believe they should be
explicitly introduced so that it is clear whether the information is
safe and sound or not. Syntactic checks like the form validator action
does are sometimes not sufficient. This is the root of many security
problems in PHP scripts if used this way.
Second, I think there's a discussion going on if it is correct
behavior if request parameters persist a redirection. It looks like
this is not the case and will change shortly. It might already have
changed. This way the parameters wouldn't survive but the validation
results would :-|
In addition I think it is advantageous to not have to clean up
afterwards :-)
> I keep seeing messages that imply that I can "redirect" inside of the
> sitemap, in which case there is little reason to switch. Of course I have
> no idea how to pull off this "internal redirection."
Well, I'm just starting to look at it but it might be that views and
aggregation might be suited for similar tasks if they are not even
better suited. But frankly, I don't know yet.
> Can you make similar changes to the other, related validators? I figure you
> could mess with the base class fairly easily. I have used the Session and
Mmmh, I haven't used them yet. I will certainly look at the database
actions. If they don't return suitable return codes I will try to
offer some patch. Speaking of which, my patch to form validator action
et al hasn't been committed to CVS yet nor have I got any feedback
from the developers :-|
Chris.
--
C h r i s t i a n H a u l
[EMAIL PROTECTED]
fingerprint: 99B0 1D9D 7919 644A 4837 7D73 FEF9 6856 335A 9E08
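
The distinction drawn in the message between client parameters that "pop up in the environment" and parameters that are explicitly introduced, as an added example that is not part of the original mail and is not Cocoon code. Plain Java maps stand in for the environment; the class, the key names (`role`, `validation.ok`, the `param.` and `invalid.` prefixes) and the sample request are all constructed for illustration.

```java
import java.util.*;
import java.util.regex.Pattern;

// Added illustration: maps model the environment; nothing here is a Cocoon API.
public class ExplicitParams {
    // Constructed declaration of the only client parameters the page expects.
    static final Map<String, Pattern> RULES = Map.of(
        "email", Pattern.compile("[\\w.+-]+@[\\w-]+(\\.[\\w-]+)+"),
        "age", Pattern.compile("\\d{1,3}"));

    // Implicit style: every client parameter lands in the environment under
    // its own name, so it can shadow values the server put there.
    static Map<String, String> implicitEnv(Map<String, String> server,
                                           Map<String, String> client) {
        Map<String, String> env = new HashMap<>(server);
        env.putAll(client);
        return env;
    }

    // Explicit style: only declared names are read, each is checked, and the
    // result goes into a separate namespace that marks its origin.
    static Map<String, String> explicitEnv(Map<String, String> server,
                                           Map<String, String> client) {
        Map<String, String> env = new HashMap<>(server);
        for (Map.Entry<String, Pattern> rule : RULES.entrySet()) {
            String value = client.get(rule.getKey());
            boolean ok = value != null && rule.getValue().matcher(value).matches();
            if (ok) env.put("param." + rule.getKey(), value);
            else env.put("invalid." + rule.getKey(), "true");
        }
        return env;
    }

    public static void main(String[] args) {
        // Constructed sample: values the server set before the request arrived.
        Map<String, String> server = Map.of("validation.ok", "false", "role", "guest");
        // Constructed sample request, including names the page never declared.
        Map<String, String> client = new LinkedHashMap<>();
        client.put("email", "user@example.org");
        client.put("age", "abc");
        client.put("role", "admin");
        client.put("validation.ok", "true");
        System.out.println("implicit: " + new TreeMap<>(implicitEnv(server, client)));
        System.out.println("explicit: " + new TreeMap<>(explicitEnv(server, client)));
    }
}
```

With the implicit merge, the client-supplied `role` and `validation.ok` replace the server's values; with the explicit version they never enter the environment, and the malformed `age` is recorded as invalid instead of being passed on.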