Not to quibble (I'll do it anyway), but I don't see how nested arrays make the 
answer "sensible."

Perhaps we can agree the core problem here is not filtering data received from 
the user; such data is always suspect.

I had a "problem" with it years ago when I was trying to figure out where the 
extra parameter was coming from. Once I understood that Prototype was adding 
it, and why, I was okay with it, and in the one case where it was in the way, I 
added a line of code to remove if present.

Underlying his query is a good question--where is the documentation showing 
what the fix was for, so we know when the fix can be removed as the supported 
browser list evolves?


TAG

On Nov 25, 2009, at 6:01 PM, Mislav Marohnić wrote:

> On Tue, Nov 24, 2009 at 00:39, Arjen Nienhuis <a.g.nienh...@gmail.com> wrote:
> 
> But it's not empty POST bodies as it's only added if params != "".
> 
> Safari had this bug with all Ajax POST requests.
>  
> By accident I stored the extra parameter in the database of my webapp.
> I have 20000 of them in one table. None of them have a value other
> than the empty string(*). That's why I know that the workaround is no
> longer needed (or at least not that badly).
> 
> Prototype had this fix for years and you're the first one to report having 
> problems with it. This is because you shouldn't store all top-level 
> parameters as properties in a database. Much better practice is to nest a 
> parameters belonging to a record under a common key:
> 
>    user[first_name]=arjen&user[last_name]=nienhius
> 
> Every sensible backend will parse this as a nested hash/associative array, 
> then save only attributes found under "user". This allows you to have other 
> parameters in your application that serve for conveying some information, but 
> are not saved to a database. And of course, it would solve your underscore 
> problem.
> 
> More simply would just be deleting the parameter from the POST params 
> hash/array.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Prototype: Core" group.
> To post to this group, send email to prototype-core@googlegroups.com
> To unsubscribe from this group, send email to 
> prototype-core-unsubscr...@googlegroups.com
> For more options, visit this group at 
> http://groups.google.com/group/prototype-core?hl=en

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype: Core" group.
To post to this group, send email to prototype-core@googlegroups.com
To unsubscribe from this group, send email to 
prototype-core-unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/prototype-core?hl=en

Reply via email to