Great, thanks.

On Sunday, February 16, 2014 3:03:40 PM UTC+2, Niphlod wrote:
>
> and what you expected ? :-P
> you built your function to post to an url like
>
> /base_url/whatever_is_inserted_in_the_form_without_encoding_or_sanitization
>
> Not every url is a valid one (try opening /base_url/ì^'0=")....and it's
> generally NOT safe doing what you're doing.
> User input in web applications needs to be either validated before or
> properly escaped.....usually you'd want base_url?something=escaped_value
> that you can retrieve later with response.vars.something
>
>
> On Sunday, February 16, 2014 1:36:17 PM UTC+1, Avi A wrote:
>>
>> All I see is: invalid request
>> rendered on the #org_form_target
>>
>> #model
>> db.define_table('t_orgs',
>>     Field('f_org_name', type='string',
>>           label=T('Organization Name')),
>>     Field('f_org_code', type='password',
>>           label=T('Organization pasword')),
>>     Field('org_api_key', length=64, type='string', default=uuid.uuid4(),
>>           writable=False),
>>     auth.signature,
>>     format='%(f_org_name)s',
>>     migrate=settings.migrate)
>>
>> db.define_table('t_orgs_archive', db.t_orgs,
>>     Field('current_record', 'reference t_orgs',
>>           readable=False, writable=False))
>>
>>
>> #controller:
>> def org_form_load():
>>     org_code_name = db(db.t_orgs.f_org_code == request.args(0)).select(db.t_orgs.ALL)
>>     if org_code_name:
>>         db.t_org_members.f_org_rep.default = org_code_name[0].id
>>         db.t_org_members.f_org_member.default = auth.user.id
>>         label_org_name = 'Join ' + org_code_name[0].f_org_name + ' Organization'
>>         form = SQLFORM(db.t_org_members, onupdate=auth.archive,
>>                        submit_button=label_org_name)
>>         if form.process().accepted:
>>             session.flash = 'Welcome to \'' + org_code_name[0].f_org_name + '\' Organization!'
>>             redirect(URL('default', 'api_key.html'), client_side=True)
>>         elif form.errors:
>>             response.flash = 'response errors'
>>         return dict(form=form, org_code_name=org_code_name)
>>
>>     else:
>>         return 'searching.....'
>>
>> #view
>> <div class="well well-sm">
>> <p>Type your organization code:</p>
>> <input id="org_code_input" onkeyup="org_code_value(this.value)">
>> {{else:}}
>> <h4>Organization api:</h4>
>> {{=my_org_data[0].t_orgs.org_api_key}}
>> {{pass}}
>> <div id = "org_form_target"></div>
>>
>> <script type="text/javascript">
>>
>> function org_code_value(org_code)
>> {
>>
>> var url ="{{=URL('default', 'org_form_load.load')}}";
>> $.web2py.component(url + '/' + org_code, 'org_form_target');
>> }
>> </script>
>>
>>
>> On Sunday, February 16, 2014 2:17:31 PM UTC+2, Anthony wrote:
>>>
>>> What do you mean the form won't be accepted? Is it failing validation on
>>> the server when form.process() is called? Do you have an IS_STRONG
>>> validator defined? What is happening with the Ajax call in the browser?
>>> Please show some more code and explain exactly what is happening.
>>>
>>> On Sunday, February 16, 2014 5:52:04 AM UTC-5, Avi A wrote:
>>>>
>>>> Hi,
>>>> I created a table with a password field.
>>>> I got an ajax (web2py component) form where a user fills the password,
>>>> and if it's OK, it does something.
>>>> It works fine, but the problem is that if I use for example "!" in the
>>>> password field, the form won't be accepted.
>>>> Is there a solution for that? I would like to allow any char that won't
>>>> break the javascript.
>>>>
>>>> db.define_table('t_orgs',
>>>>     Field('f_org_name', type='string',
>>>>           label=T('Organization Name')),
>>>>     Field('f_org_code', type='password',
>>>> .......................
>>>>
>>>> <p>Type your organization code:</p>
>>>> <input id="org_code_input" onkeyup="org_code_value(this.value)">
>>>>
>>>>
>>>> $.web2py.component(url + '/' + org_code, 'org_form_target');
>>>>
>>>>
>>>> Thanks.
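
The query-string approach recommended in the thread above, next to the path concatenation from the posted view, as an added example that is not part of the original messages. The function names, the org_code parameter name, the /app/ prefix and the http://localhost base are assumptions made for illustration.

```javascript
// Added example, not code from the thread. Function names, the org_code
// parameter name, the /app/ prefix and the localhost base are assumptions.

// Pattern from the posted view: raw input appended as a path segment.
function unsafePathUrl(baseUrl, orgCode) {
  return baseUrl + '/' + orgCode;
}

// Query-string pattern: percent-encode the value so it stays one parameter
// no matter which characters the user typed.
function buildComponentUrl(baseUrl, orgCode) {
  return baseUrl + '?org_code=' + encodeURIComponent(orgCode);
}

// Split a relative URL into the parts a URL parser sees, plus the decoded
// org_code parameter (null when the URL carries no such parameter).
function describeUrl(relativeUrl) {
  const u = new URL(relativeUrl, 'http://localhost');
  return {
    pathname: u.pathname,
    search: u.search,
    hash: u.hash,
    orgCode: u.searchParams.get('org_code'),
  };
}

// Constructed sample values (not taken from the thread).
const BASE = '/app/default/org_form_load.load';
const SAMPLE = 'p!ss/w?rd#1';

// Path concatenation: "/", "?" and "#" in the input restructure the URL,
// so the server never sees the full value as one argument.
console.log(describeUrl(unsafePathUrl(BASE, SAMPLE)));

// Encoded query parameter: the path is untouched and the value round-trips.
console.log(describeUrl(buildComponentUrl(BASE, SAMPLE)));

// In the view, the component call would become:
//   $.web2py.component(buildComponentUrl(url, org_code), 'org_form_target');
```

On the server, the controller would then read the value from request.vars.org_code instead of request.args(0). Since f_org_code is a password-type field, keep in mind that a value sent in any part of a URL is typically recorded in web server access logs, which a POST body avoids.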