Hi all,
all of you who are working on DTL files know that we have $Data, $QData
(HTML quoting) and $LQData (URL parameter encoding) to output data in
DTLs dynamically.
When deciding which one to use, please from now *always* use $QData (in
HTML context) or $LQData (in URLs). Even if you just output a simple
$QData{"TicketID"}. *Only* use $Data if you have to output HTML data,
like a select box that was generated by the perl code.
The benefit is that the DTL files become more readable, because you can
see what the nature of a certain parameter is. The main reason is that
$Data potentially causes security problems, and we therefore must limit
its use as much as we can.
To sum up: *don't use $Data unless you have to*! This applies to all
areas of development at OTRS, not just the framework itself.
Regards,
--
Martin Gruner
Developer R&D
OTRS AG
Europaring 4
94315 Straubing
T: +49 (0)6172 681988 0
F: +49 (0)9421 56818 18
I: www.otrs.com/
Geschäftssitz: Bad Homburg, Amtsgericht: Bad Homburg, HRB 10751, USt-Nr.:
DE256610065
Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann
NEU: OTRS::ITSM 2.0 - jetzt mit dem brandneuen Change Management Modul. -Die
erste ITIL® V3 kompatible
und nach PinkVERIFY zertifizierte Open Source IT Service Management (ITSM)
Lösung weltweit!
---------------------------------------------------------------------
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
