[pLog-svn] r6630 - plog/branches/lifetype-1.2/class/action
Reto Hugi
plog at hugi.to
Sun Jun 22 10:12:15 EDT 2008
I think this could be removed in 2.0 because if the designer really
wants unvalidated request data he can always get it from smarty...
jondaley at devel.lifetype.net wrote:
> Author: jondaley
> Date: 2008-06-21 14:55:36 -0400 (Sat, 21 Jun 2008)
> New Revision: 6630
>
> Modified:
> plog/branches/lifetype-1.2/class/action/templateaction.class.php
> Log:
> removed one _request access, added note about template designers need to be careful with unvalidated data. Should we just remove the 'request' in 2.0?
>
> Modified: plog/branches/lifetype-1.2/class/action/templateaction.class.php
> ===================================================================
> --- plog/branches/lifetype-1.2/class/action/templateaction.class.php 2008-06-21 18:54:37 UTC (rev 6629)
> +++ plog/branches/lifetype-1.2/class/action/templateaction.class.php 2008-06-21 18:55:36 UTC (rev 6630)
> @@ -73,8 +73,10 @@
> return false;
> }
> // get the name of the template file and create the view
> - $this->_view = new TemplateView( $this->_blogInfo,
> - $this->_request->getValue( "show" ));
> + $this->_view = new TemplateView( $this->_blogInfo, $templateFile);
> + // NOTE: this passes unvalidated data to the view,
> + // need to validate it in the template if you are
> + // going to use it.
> $this->_view->setValue( "request", $this->_request );
> // add all the common information to the view
> $this->setCommonData();
>
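Review bot: The comment added above `$this->_view->setValue( "request", $this->_request )` records the risk but still hands the raw request object to every template, so each template author has to remember to validate or escape anything read from it. Consider passing only the specific, already-validated values the templates need, or dropping the `request` value altogether, as the log message proposes for 2.0. Separately, `$templateFile` is assigned outside this hunk, so the visible lines do not show where it comes from; please confirm it is validated before it reaches `TemplateView`, given that it replaces a direct `$this->_request->getValue( "show" )`.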
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn