On Saturday, January 1, 2011 1:36:06 PM UTC-5, Jonathan Lundell wrote:
>
> On Jan 1, 2011, at 10:12 AM, Arun K.Rajeevan wrote:
>
> See my earlier message on this subject.
>
> It works just fine. Thank you.
I ain't that good on regex, so I'd like to know what '([\w@ -][=.]?)+$' implies.
I understand it is checking something at the end of the word ($).

> *2)* Login form is not working anymore.
>    Browser reports 'too many redirects' when I try to access login or 
> registration forms and such.
>
> *what went wrong? How to fix it?*
>
>
> In default.user, process request.raw_args into request.args, and perform 
> the standard check on each arg.
>
> standard check?
Please lead me. What are the things that should be checked to avoid security flaws?
 

> This will be easier in the new system (this is good feedback; thanks). 
> Tentatively: raw_args will be a list of raw args, rather than a string, and 
> will always be there. args will be a list of validated args, as now, but if 
> args-checking is disabled, I'll silently replace any invalid arg in args 
> with None.
>

new system? 
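
An added example, not part of the original thread and not web2py's own code: it shows what the quoted pattern accepts and rejects, then applies it per arg, replacing invalid args with None as the tentative design above describes. The helper names, the use of `re.match`, the `re.ASCII` flag and all sample args are assumptions made for illustration.

```python
import re

# Pattern quoted in the message above. re.ASCII restricts \w to [A-Za-z0-9_]
# (assumption: mirrors the non-Unicode default of Python 2 regexes).
ARG_RE = re.compile(r'([\w@ -][=.]?)+$', re.ASCII)


def check_arg(arg):
    r"""Return True if a single URL arg passes the pattern.

    re.match anchors at the start, '$' at the end, so the whole arg must be
    a run of units: one of [\w@ -], optionally followed by ONE '=' or '.'.
    """
    return ARG_RE.match(arg) is not None


def split_and_validate(raw_args):
    """Hypothetical helper: split raw_args on '/', keep the raw list, and
    build args with every arg that fails the check replaced by None."""
    raw_list = raw_args.split('/') if raw_args else []
    return raw_list, [a if check_arg(a) else None for a in raw_list]


# Constructed sample args and the result each one produces.
SAMPLES = {
    'report.pdf': True,        # single dots between word characters
    'user@example.com': True,  # '@' is in the first character class
    'key=value': True,
    'a b-c': True,             # space and '-' are allowed
    '..': False,               # '.' can never start a unit
    '.htaccess': False,        # leading dot
    'a..b': False,             # two separators in a row
    'a%2Fb': False,            # '%' is in neither class
    '': False,                 # '+' needs at least one unit
    'abc\n': True,             # '$' also matches before a final newline
}

if __name__ == '__main__':
    for arg, expected in SAMPLES.items():
        assert check_arg(arg) is expected, arg
        print(f'{arg!r:22} {"ok" if expected else "rejected"}')
    print(split_and_validate('view/report.pdf/../etc'))
```

Matching with `ARG_RE.fullmatch` instead of `ARG_RE.match`, or ending the pattern in `\Z`, rejects the trailing-newline case.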
