Re: [Webware-discuss] Re: Session glitches with actions under SecurePage?

Thu, 27 Jun 2002 03:22:42 -0700 

> In your testing, did you try a URL with a query string with the same field
> repeated, like /foo/bar?field=foo&field=bar ?
> 
> If so, what was the resulting set of hidden fields?

The resulting set of tracebacks motivated me to produce this patch. :-)

I'm grateful for your help. Continue to feel free to point out anything bad
(bugs) or undesirable (non-Pythonic or Webwaric style, suboptimal variable
names, etc.).

Steve

> 
> - Geoff
> 
>> -----Original Message-----
>> From: Steve Freitas [mailto:[EMAIL PROTECTED]]
>> Sent: Thursday, June 20, 2002 2:54 PM
>> To: Geoffrey Talvola; Webware Discuss
>> Subject: Re: [Webware-discuss] Re: Session glitches with actions under
>> SecurePage?
>> 
>> 
>>> Better would be to do:
>>> 
>>> for name, value in self.request().fields().items():
>>> 
>>> which will work, and also saves an additional dictionary
>> lookup for each
>>> item.
>>> 
>>> 2) You need to encode the value in case it contains a double-quote
>>> character.  value.replace('"', '"') should do the
>> trick I think.
>> 
>> Check. Let me know what you think of the attached patch.
>> 
>>> 3) I believe that the values in the dict can be strings OR
>> lists of strings.
>>> So you need to check if the value is a list, and if so,
>> loop over the items
>>> in the list and output a separate hidden field for each
>> item in the list.
>>> This will happen with a URL like
>> /foo/bar?field=foo&field=bar in which case
>>> you'll have a fields dict like {'field': ['foo', 'bar']} I think.
>> 
>> I haven't tried explicitly checking for type list, but I've
>> tried this with 
>> multiple values, and it works fine. Do you still suggest
>> handling type list?
>> 
>> Steve
>> 
> 


56c56,67
<                                       <input type="hidden" name="loginid" value="%s">
---
>                                       <input type="hidden" name="loginid" 
>value="%s">''' % (action, loginid))
> 
>               # Forward any passed in values to the user's intended page after 
>successful login
>               for name, value in self.request().fields().items():
>                       if ((type(value) is types.ListType)):
>                               for valueStr in value:
>                                       self.write('''
>                                       <input type="hidden" name="%s" value="%s">''' 
>% (self.htmlEncode(name), self.htmlEncode(valueStr)))
>                       else:
>                               self.write('''
>                                       <input type="hidden" name="%s" value="%s">''' 
>% (self.htmlEncode(name), self.htmlEncode(value)))
>               self.write('''
62c73
< ''' % (action, loginid))
---
> ''')

Reply via email to