massimo,

thank you for the hints, db.comment.post.default is working as
expected without any additional methods defined. however, i would also
like to thank you because i have also learnt how to do operations
after form insert. :)

annet,

thank you again :)

On Dec 13, 5:28 am, mdipierro <[email protected]> wrote:
> I do not understand what you are trying to do. If the postid is already
> in the URL (request.args(0)) why do you put it in the form?
>
> My best guess is that you are trying to do this:
>
> def view():
>     postid = request.args(0)
>     post = db(db.post.id == postid).select()[0]
>     ## post.body = post.body.replace("\n", "<br />") #### WARNING
>     db.comment.post.readable=False
>     db.comment.post.writable=False
>     db.comment.post.default=postid
>     commentform = crud.create(db.comment)
>     return dict(post=post, commentform=commentform)
>
> WARNING. The replace you are doing tells me you have XML(post.body) in
> the view. IF this is the case your app has XSS vulnerability. Do not
> do
>
>     {{=XML(post.body.replace("\n", "<br />"))}}
>
> but do
>
>     {{=XML(post.body.replace("\n", "<br />"),sanitize=True)}}
>
> or
>
>     {{from gluon.contrib.markdown import WIKI}}
>     {{=WIKI(post.body)}}
>
> Massimo
>
> On Dec 12, 6:22 pm, Mengu <[email protected]> wrote:
>
> > so far, i have managed to do this:
>
> > def view():
> >     postid = request.args(0)
> >     post = db(db.post.id == postid).select()[0]
> >     post.body = post.body.replace("\n", "<br />")
> >     commentform = crud.create(db.comment, onaccept=_setPostId)
> >     commentform[0].append(XML('<input type="hidden" name="post" value="'+postid+'" />'))
> >     return dict(post=post, commentform=commentform)
>
> > def _setPostId(form):
> >     db(db.comment.id == form.vars.id).select()[0].update_record(post=request.vars.post)
>
> > however as you can see, it sets the post for the comment after
> > inserting the comment despite the fact that the hidden post field has
> > a value inside the form which does not get posted. isn't this a bug? i
> > also should note that post field is not readable and writable.
>
> > thanks again.
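An added illustration, in plain Python rather than web2py's own XML helper (gluon is not imported here), of why the XSS warning above applies: marking `post.body.replace("\n", "<br />")` as trusted markup lets any tag in the stored body through, whereas escaping the user text first and only then inserting the `<br />` tags means the only markup reaching the page is what the application itself adds. The sample body is constructed.

```python
import html
import re

# Constructed sample of a stored post body that contains attacker-controlled markup.
SAMPLE_BODY = 'first line\n<script>alert(1)</script>\nlast line'


def render_unsafe(body):
    """The pattern from the thread: newlines become <br /> and the whole string
    is then treated as trusted HTML (what XML(...) does without sanitize=True).
    Any tag already inside the body survives untouched."""
    return body.replace("\n", "<br />")


def render_safe(body):
    """Escape the user text first, then add the line breaks the author wanted.
    Only the <br /> tags inserted here reach the page as real markup."""
    return html.escape(body, quote=True).replace("\n", "<br />")


def tags_in(markup):
    """Return the set of tag names present in the rendered markup, so a test can
    check that nothing but the intentionally added <br /> tags is left."""
    return set(t.lower() for t in re.findall(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)", markup))


if __name__ == "__main__":
    print("unsafe:", render_unsafe(SAMPLE_BODY))
    print("safe:  ", render_safe(SAMPLE_BODY))
```

web2py's `XML(..., sanitize=True)` takes the whitelist route instead (a list of permitted tags and attributes); the escape-then-break ordering shown here is the simpler option when the body is meant to be plain text.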
