Zef,
In regard to SQL injection, if Django is used properly, then this isn't an
issue. Django provides methods to access your form's cleaned data so that
you are never grabbing something that could be malicious.
If you want to add a custom message to each order (as you state), and not
to each product, there is a 'notes' field that isn't in the form that is in
satchmo. You would just need to add that field to the form via a listener
(when the form is initialized), something like this: (Put this in a
models.py file of any app... I created a satchmo_listeners app just to hold
these listeners)
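
# Import paths assume a standard Satchmo install.
from django import forms
from payment.forms import SimplePayShipForm
from signals_ahoy.signals import form_init


def add_order_note(sender, form, **kwargs):
    """Add a Note field to the order."""
    # Only add the field once, in case the listener fires more than once.
    if 'notes' not in form.fields:
        notes_attrs = {'id': 'checkOutNotes'}
        form.fields['notes'] = forms.CharField(
            label='Notes',
            required=False,
            help_text='(Optional) Any special instructions, etc.',
            widget=forms.Textarea(attrs=notes_attrs))


# Run the listener whenever the checkout pay/ship form is initialized.
form_init.connect(add_order_note, sender=SimplePayShipForm)
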
You would then want to edit your confirm and success templates to show the
note after they enter it and proceed to checkout. Also you would want to
edit your email template that sends the order confirmation.
I think that's it. Let me know if I missed anything or you have any
questions.
Dave
On Sat, Nov 12, 2011 at 9:21 PM, v3ngrafzeff <[email protected]> wrote:
> I'm an experienced Python developer and am thinking of switching to
> Satchmo. I've got lots of SQL (Oracle) with modpython in my
> background as well. -- But would probably just use MySQL.
> #1 I'm wondering how easy it would be to add a field to a product so I
> could have the ability to add a 'custom message' to each 'order' as
> I'm thinking of setting up a 'gift giving' storefront.
>
> I'm thinking this is probably a new field in the database and a new
> field on the form somewhere, probably on the checkout screen where
> there would be a new screen perhaps where the 'ship to' would get
> inserted (if multiple recipients) were to be sent, etc to.
>
> Has anyone addressed this, is there a plug-in already for this sort of
> approach? or is it just a template?
>
> #2 How safe is satchmo against SQL injection? Has work gone into
> this topic to prevent this sort of attack?
>
> Thanks
>
> zef
>
> --
> You received this message because you are subscribed to the Google Groups
> "Satchmo users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/satchmo-users?hl=en.
>
>
--
Dave Brown
CEO/Founder
Rampframe.com - Action Sports Network
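
Added example, not part of the original message or of Satchmo's code: it uses the standard-library sqlite3 module as a stand-in for the database layer to show what happens when a free-text order note, like the 'notes' field above, reaches SQL. Form cleaning validates the value but leaves quotes in place; binding it as a query parameter, which is what Django's ORM does, keeps it as data. The table, the function names and the length limit are assumptions.

```python
import sqlite3

MAX_NOTE_LEN = 500  # assumed limit; the form in the post does not set one


def clean_note(raw):
    """Hypothetical stand-in for form.cleaned_data['notes']: validates, does not escape."""
    note = str(raw).strip()
    if len(note) > MAX_NOTE_LEN:
        raise ValueError("note too long")
    return note


def save_note_string_built(conn, order_id, note):
    """Anti-pattern: the note is pasted into the SQL text itself."""
    conn.execute("UPDATE orders SET notes = '%s' WHERE id = %d" % (note, order_id))


def save_note_parameterized(conn, order_id, note):
    """The note is bound as a parameter, so the driver treats it purely as data."""
    conn.execute("UPDATE orders SET notes = ? WHERE id = ?", (note, order_id))


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, notes TEXT)")
    conn.execute("INSERT INTO orders (id, notes) VALUES (1, '')")
    # Constructed sample input: an ordinary gift note containing apostrophes.
    note = clean_note("  Leave it at O'Brien's door  ")
    try:
        save_note_string_built(conn, 1, note)
        string_built_failed = False
    except sqlite3.OperationalError:
        # The apostrophe ended the SQL string early; the rest was parsed as SQL.
        string_built_failed = True
    save_note_parameterized(conn, 1, note)
    stored = conn.execute("SELECT notes FROM orders WHERE id = 1").fetchone()[0]
    conn.close()
    return note, string_built_failed, stored


if __name__ == "__main__":
    print(demo())
```

In a Django project the same rule applies to any raw SQL written outside the ORM: pass values through the params argument rather than formatting them into the query string.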