Valerio Gionco <[EMAIL PROTECTED]> writes:Ok, but here is another issue...> As an alternative, mod_dtcl could directly set the variables inside
> the ::request:: namespace, but this could be a very radical solutio,
> too...I like having variables be more 'contained'. I don't like the PHP way
of doing things.More brainstorming...
How about another namespace for variables...
::VARS::x
::VARS::x(1) "value one"
::VARS::x(2) "value two"That is a sneaky way of letting us do arrays, which is one way of
handing the problem in a Tclish way, and keeping things more or less
clean.This might be difficult to switch to, but less so than using VARS as a
command.
Suppose I wrote a TCL script that writes the value of x:
if {[info exists ::VARS::x]} {
puts $::VARS::x
}
called with http://myserver.private/script.tcl?x=1
A malicious user could easily crash the application
calling http://myserver.private/script.tcl?x=1&x=2
because x becomes an array and puts $::VARS::x
fails.
The best solution I've found is still the use of two
variables: the array ::request::VARS for the variables
and the list ::request::VARSLISTS for the variable names
assigned more than a time (like I suggested with last email).
Not perfect, though... nobody else has suggestions?
Valerio Gionco
-- **************************************************************************** "Life's not fair, but the root password helps."
