Hasanuddin Tamir wrote:
> Imagine you have a template,
>
> <title><tmpl_var title></title>
>
> And you expect that title will be filled in from some textfield. But what
> happens if someone finds out about the placeholder title in the
> template and that you use associate? He can fill it in with whatever he
> likes via query string.
>
> http://www.host.com/yourscript?title=whatever+will+be
>
The docs seemed to say that setting a var via $tmpl->param would override anything in $cgi.
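
The precedence discussed in this exchange, as an added example that is not part of the original messages: HTML::Template's `associate` fills a variable from the request only when the script has not set it with `param()`. The template string, the query string and the `request_controlled` helper are constructed for illustration; it assumes the HTML::Template and CGI modules are installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use HTML::Template;

# Constructed stand-in for the template quoted in the message.
my $src = "<title><tmpl_var title></title>\n";

# Constructed request: CGI->new accepts a query string, so this runs offline.
my $cgi = CGI->new('title=whatever+will+be');

# Render the template; %set holds the values the script assigns itself.
sub render {
    my (%set) = @_;
    my $tmpl = HTML::Template->new(scalarref => \$src, associate => $cgi);
    $tmpl->param(%set) if %set;
    return $tmpl->output;
}

# Audit helper (hypothetical name): template variables the script has not set
# but the request supplies. These are the ones associate fills in at output().
sub request_controlled {
    my ($tmpl, $q) = @_;
    my %in_request = map { lc($_) => 1 } $q->param;
    return grep { !defined($tmpl->param($_)) && $in_request{lc $_} }
           $tmpl->param;
}

# Variable left unset: the value comes from the query string.
print "unset:    ", render();

# Variable set by the script: the request value is ignored.
print "explicit: ", render(title => 'Order status');

# List what a request could still fill in, before and after param().
my $tmpl = HTML::Template->new(scalarref => \$src, associate => $cgi);
print "request-controlled: ", join(', ', request_controlled($tmpl, $cgi)), "\n";
$tmpl->param(title => 'Order status');
print "after param(): ", scalar(request_controlled($tmpl, $cgi)), " left\n";
```

Running the helper against each template before `output()` shows which placeholders still depend on request data, so they can be set explicitly or rendered without `associate`.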
