[pLog-svn] r6524 - plog/branches/lifetype-1.2/class/data/forms
Jon Daley
plogworld at jon.limedaley.com
Mon Jun 9 07:38:19 EDT 2008
I like all of the changes, but I am unsure about this one. If
there is something wrong with the data, I think I would rather see a blank
field than a field that has been modified, both from a developer's and a
user's standpoint.
One argument for displaying the filtered value from the user's
standpoint is that if they accidentally typed in HTML and didn't mean to, then
we take care of it.
However, since we don't know what sort of validation was supposed
to be done on this field, perhaps filtering HTML isn't the right answer,
and I would rather blank it out than have either bad data passed to the
user, or some security hole that we haven't thought of yet. The user can
usually hit the back button if you are worried about him recovering data.
Passing back unknown data to the user seems like a bad idea.
On Mon, 9 Jun 2008, mark at devel.lifetype.net wrote:
> Author: mark
> Date: 2008-06-09 04:00:51 -0400 (Mon, 09 Jun 2008)
> New Revision: 6524
>
> Modified:
> plog/branches/lifetype-1.2/class/data/forms/formvalidator.class.php
> Log:
> We still need the value but filtered with Textfilter::filterAllHTML()
>
> Modified: plog/branches/lifetype-1.2/class/data/forms/formvalidator.class.php
> ===================================================================
> --- plog/branches/lifetype-1.2/class/data/forms/formvalidator.class.php 2008-06-09 07:32:35 UTC (rev 6523)
> +++ plog/branches/lifetype-1.2/class/data/forms/formvalidator.class.php 2008-06-09 08:00:51 UTC (rev 6524)
> @@ -110,6 +110,10 @@
> $this->_validationResults["$fieldName"] = $validationResult;
> if($validationResult)
> $this->_fieldValues["$fieldName"] = $fieldValue;
> + else {
> + lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
> + $this->_fieldValues["$fieldName"] = Textfilter::filterAllHTML( $fieldValue );
> + }
>
> // if one of the validations is false, then cancel the whole thing
> $finalValidationResult = $finalValidationResult && $validationResult;
>
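Review bot: the new `else` branch writes the filtered value into `$this->_fieldValues["$fieldName"]`, the same map that the `if` branch fills with values that passed validation, so any caller that reads `_fieldValues` without also consulting `_validationResults` will consume a rewritten, failed value as if it were valid; `Textfilter::filterAllHTML()` strips markup but does not make the value satisfy whatever validator rejected it. Suggest keeping failed values out of `_fieldValues` (a separate member used only for redisplaying the form would preserve the "show the user what they typed" goal) or, at minimum, documenting at the top of this method that `_fieldValues` may hold unvalidated data. Two smaller points: `lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" )` now runs on every failing field, so hoisting it to the file's other includes avoids repeated include calls; and the unbraced `if($validationResult)` followed by a braced `else {` reads inconsistently, so brace both branches.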
--
Jon Daley
http://jon.limedaley.com
~~
What happens if you get scared half to death twice?
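The thread's disagreement is about what a form validator should hand back when a field fails: the committed hunk stores an HTML-stripped copy of the input where valid values normally live, while the reply prefers that failed fields never be passed on as data. The class below is an added illustration of the second approach and is not LifeType's `FormValidator` or any code from the project: values that pass go into one map, values that fail are remembered separately and only ever reach the browser through `htmlspecialchars()`, so downstream code can never mistake a rejected value for a validated one. The class name, the validator callbacks and the sample input are all constructed for this example.

```php
<?php
// Added example (hypothetical SafeFormValidator, not LifeType code).
// Design: a field that fails validation is never written to the map
// of validated values; it is kept aside purely so the form can be
// redisplayed, and it is escaped at that point rather than "filtered".

class SafeFormValidator
{
    private $validators = array();        // fieldName => callback returning bool
    private $validationResults = array(); // fieldName => bool
    private $fieldValues = array();       // only fields that passed validation
    private $rawValues = array();         // failed fields, for redisplay only

    public function addValidator($fieldName, $callback)
    {
        $this->validators[$fieldName] = $callback;
    }

    // Validates every registered field; true only if all of them passed.
    public function validate(array $input)
    {
        $finalResult = true;
        foreach ($this->validators as $fieldName => $callback) {
            $value  = isset($input[$fieldName]) ? $input[$fieldName] : '';
            $result = (bool) call_user_func($callback, $value);
            $this->validationResults[$fieldName] = $result;
            if ($result) {
                $this->fieldValues[$fieldName] = $value;
            } else {
                // Do not store a cleaned-up copy as if it were valid data;
                // keep the raw input only for putting the form back on screen.
                $this->rawValues[$fieldName] = $value;
            }
            $finalResult = $finalResult && $result;
        }
        return $finalResult;
    }

    // Value for business logic: null when the field did not validate,
    // so callers cannot silently use rejected input.
    public function getFieldValue($fieldName)
    {
        return isset($this->fieldValues[$fieldName]) ? $this->fieldValues[$fieldName] : null;
    }

    // Value to place back into the HTML form. Whatever the user typed is
    // shown verbatim, but escaped for an attribute context so it cannot
    // be interpreted as markup.
    public function getRedisplayValue($fieldName)
    {
        if (isset($this->fieldValues[$fieldName])) {
            $value = $this->fieldValues[$fieldName];
        } elseif (isset($this->rawValues[$fieldName])) {
            $value = $this->rawValues[$fieldName];
        } else {
            return '';
        }
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }

    public function getValidationResult($fieldName)
    {
        return isset($this->validationResults[$fieldName]) ? $this->validationResults[$fieldName] : false;
    }
}

// Constructed validators for the sample run (hypothetical, not from LifeType).
function sample_is_plain_title($v)
{
    return $v === strip_tags($v) && strlen($v) <= 80;
}
function sample_is_digits($v)
{
    return ctype_digit($v);
}

// Constructed sample input: "title" carries markup the validator rejects,
// "count" is acceptable.
$validator = new SafeFormValidator();
$validator->addValidator('title', 'sample_is_plain_title');
$validator->addValidator('count', 'sample_is_digits');

$ok = $validator->validate(array('title' => 'Hello <b>world</b>', 'count' => '42'));

echo 'form valid: ',        var_export($ok, true), "\n";
echo 'title for logic: ',   var_export($validator->getFieldValue('title'), true), "\n";
echo 'title redisplay: ',   $validator->getRedisplayValue('title'), "\n";
echo 'count for logic: ',   var_export($validator->getFieldValue('count'), true), "\n";
```

Because a failed field is absent from `getFieldValue()` rather than replaced by a rewritten value, the caller gets the same signal the reply argues for (an empty field) while the redisplay path still lets the user see and correct what they entered; the escaping happens once, at output, instead of depending on an HTML filter being the right fix for whatever check actually failed.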