[pLog-svn] r6582 - plog/branches/lifetype-1.2/class/action/admin

Jon Daley plogworld at jon.limedaley.com
Thu Jun 19 12:24:49 EDT 2008


 	Ah, yes, I hadn't realized they were all checkboxes.  I am 
thinking that in 2.0 we should change request->getValue to not be able to 
return a value if it isn't validated.  That way it will be impossible to 
have any further security issues, (except for errors in the validators, 
and developer errors in picking the wrong validator).

On Thu, 19 Jun 2008, Mark Wu wrote:
> For example, the value from checkbox.
>
> We don't need to validate it, we just use:
>
> $checked = ( $this->_$request->getValue("blahblah")  != "" );
>
> So, we don't care about the value it self, we just care about the value
> assigned or not.
>
> This kind of value, we don't validate it.
>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.lifetype.net
>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
>> Sent: Thursday, June 19, 2008 11:41 PM
>> To: LifeType Developer List
>> Subject: Re: [pLog-svn] r6582 -
>> plog/branches/lifetype-1.2/class/action/admin
>>
>> On Thu, 19 Jun 2008, Mark Wu wrote:
>>> registerField() only used in addXXXAction, it will bring
>> the value(the
>>> value no need to validate) back to _form.
>>  	Ok, maybe I am starting to understand it.  Why doesn't
>> it need to be validated?
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://limedaley.com/mailman/listinfo/plog-svn
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>

-- 
Jon Daley
http://jon.limedaley.com
~~
You've got a smarter IQ than I do,
   so that means you're freakin' brilliant.
-- Janet Wightman


More information about the pLog-svn mailing list