great, thanks .
On Sunday, February 16, 2014 3:03:40 PM UTC+2, Niphlod wrote:
>
> and what you expected ? :-P
> you built your function to post to an url like
>
> /base_url/
> whatever_is_inserted_in_the_form_without_encoding_or_sanitization
>
> Not every url is a valid one (try opening /base_url/ì^'0=")....and its
> generally NOT safe doing what you're doing.
> User input in web applications needs to be either validated before or
> properly escaped.....usually you'd want base_url?something=escaped_value
> that you can retrieve later with response.vars.something
>
>
> On Sunday, February 16, 2014 1:36:17 PM UTC+1, Avi A wrote:
>>
>> All I see is:invalid request
>> rendered on the #org_form_target
>> #model
>> db.define_table('t_orgs',
>> Field('f_org_name', type='string',
>> label=T('Organization Name')),
>> Field('f_org_code', type='password',
>> label=T('Organization pasword')),
>> Field('org_api_key', length=64, type='string', default=uuid.uuid4(),
>> writable=False),
>> auth.signature,
>> format='%(f_org_name)s',
>> migrate=settings.migrate)
>>
>> db.define_table('t_orgs_archive', db.t_orgs,
>> Field('current_record', 'reference t_orgs',
>> readable=False, writable=False))
>>
>>
>> #controller:
>> def org_form_load():
>> org_code_name = db(db.t_orgs.f_org_code ==
>> request.args(0)).select(db.t_orgs.ALL)
>> if org_code_name:
>> db.t_org_members.f_org_rep.default = org_code_name[0].id
>> db.t_org_members.f_org_member.default = auth.user.id
>> label_org_name = 'Join ' + org_code_name[0].f_org_name + '
>> Organization'
>> form = SQLFORM(db.t_org_members, onupdate=auth.archive,
>> submit_button= label_org_name)
>> if form.process().accepted:
>> session.flash = 'Welcome to \'' + org_code_name[0].f_org_name
>> + '\' Organization!'
>> redirect(URL('default', 'api_key.html'), client_side=True)
>> elif form.errors:
>> response.flash = 'response errors'
>> return dict(form=form, org_code_name=org_code_name)
>>
>> else:
>> return 'searching.....'
>>
>> #view
>> <div class="well well-sm">
>> <p>Type your organization code:</p>
>> <input id="org_code_input" onkeyup="org_code_value(this.value)">
>> {{else:}}
>> <h4>Organization api:</h4>
>> {{=my_org_data[0].t_orgs.org_api_key}}
>> {{pass}}
>> <div id = "org_form_target"></div>
>>
>>
>>
>> <script type="text/javascript">
>>
>> function org_code_value(org_code)
>> {
>>
>> var url ="{{=URL('default', 'org_form_load.load')}}";
>> $.web2py.component(url + '/' + org_code, 'org_form_target');
>> }
>> </script>
>>
>>
>>
>>
>>
>>
>>
>> On Sunday, February 16, 2014 2:17:31 PM UTC+2, Anthony wrote:
>>>
>>> What do you mean the form won't be accepted? Is it failing validation on
>>> the server when form.process() is called? Do you have an IS_STRONG
>>> validator defined? What is happening with the Ajax call in the browser?
>>> Please show some more code an explain exactly what is happening.
>>>
>>> On Sunday, February 16, 2014 5:52:04 AM UTC-5, Avi A wrote:
>>>>
>>>> Hi,
>>>> I created a table with a password field.
>>>> I got an ajax (web2py component) form where a user fill the password,
>>>> and if it's OK, it does something.
>>>> It works fine, but the problem is that if I use for example "!" in the
>>>> password field , the form won't be accepted.
>>>> Is there a solution for that? I would like to allow any char that won't
>>>> break the javascript.
>>>>
>>>> db.define_table('t_orgs',
>>>> Field('f_org_name', type='string',
>>>> label=T('Organization Name')),
>>>> Field('f_org_code', type='password',
>>>> .......................
>>>>
>>>> <p>Type your organization code:</p>
>>>> <input id="org_code_input" onkeyup="org_code_value(this.value)">
>>>>
>>>>
>>>> $.web2py.component(url + '/' + org_code, 'org_form_target');
>>>>
>>>>
>>>> Thanks.
>>>>
>>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
