I am having a security issue with this function.
I sent this AJAX request: cart_callback?action=add&id=hacked
def cart_callback():
    id = request.vars.id
    if request.vars.action == 'add':
        session.cart[id]=session.cart.get(id,0)+1
    if request.vars.action == 'sub':
        session.cart[id]=max(0,session.cart.get(id,0)-1)
    return str(session.cart[id])
and I got a ticket,
even with id=int(request.vars.id).
How do I secure this function so that it accepts only an integer in
request.vars.id?
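
One way to do the validation asked about above, as an added example that is not part of the original post and not web2py's own code. The names parse_item_id, update_cart, BadRequest and cart_callback_sketch are hypothetical, and request.vars and session.cart are replaced by plain dicts so the block runs stand-alone.

```python
import re

# Plain ASCII digits only, bounded length: rejects "hacked", "-1", "1.5", " 7".
_ID_RE = re.compile(r"[0-9]{1,9}")
_ACTIONS = ("add", "sub")


class BadRequest(ValueError):
    """Client-controlled input failed validation (map this to HTTP 400)."""


def parse_item_id(raw):
    # A missing parameter arrives as None and a repeated one (?id=1&id=2) as a
    # list, so a bare int(raw) raises TypeError/ValueError, which ends in a ticket.
    if not isinstance(raw, str) or not _ID_RE.fullmatch(raw):
        raise BadRequest("id must be a non-negative integer")
    return int(raw)


def update_cart(cart, action, raw_id):
    """Validate both parameters first, then apply the change to the cart dict."""
    if action not in _ACTIONS:
        # Unknown actions are refused instead of falling through to a KeyError.
        raise BadRequest("action must be 'add' or 'sub'")
    item_id = parse_item_id(raw_id)
    delta = 1 if action == "add" else -1
    qty = max(0, cart.get(item_id, 0) + delta)
    if qty:
        cart[item_id] = qty
    else:
        cart.pop(item_id, None)  # keep zero-quantity keys out of the session
    return qty


def cart_callback_sketch(request_vars, session_cart):
    # Stand-in for the controller (assumption): in web2py, pass request.vars
    # and session.cart, and raise HTTP(400, message) in the except branch.
    try:
        qty = update_cart(session_cart, request_vars.get("action"),
                          request_vars.get("id"))
        return 200, str(qty)
    except BadRequest as exc:
        return 400, str(exc)
```
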