At 06:19 PM 9/7/2001 -0400, Jeff Johnson wrote:
>I use a modified version of SecurePage.py which no longer works with the
>latest Webware CVS because of the new code that allows query strings and
>POST variables to both be parsed. I agree that both should be parsed
>but one should override the other, not be added together.
>
>SecurePage.py creates hidden fields for any fields passed in (now
>including query string variables). It also keeps the query string as is
>so when the form gets submitted the same variables exist in the query
>string and in the form. The servlet that receives the form now gets a
>list of values for those variables instead of a single value. I could
>re-write SecurePage to not duplicate query-string variables but I think
>that the behavior of FieldStorage/HTTPRequest is incorrect and should be
>changed instead. Form values should overwrite query string values.
>Does anyone disagree?
I noticed this too, and to deal with it I re-wrote my own version of
SecurePage so that it doesn't bother putting in the hidden form
variables. I think it's much cleaner to just let the variables get carried
in through the query string instead of going through the extra effort of
transforming them into form variables.
But you're probably right that the form values should overwrite query
string values. Actually, in the implementation, I think form values are
processed first, then they are augmented with the query string values. So
that part of the code that processes the query string should just skip over
any values that have already come in as form values.
If you want to try making this change, it would be in parse_qs in
WebUtils/FieldStorage.py.
- Geoff
_______________________________________________
Webware-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webware-devel
