[pLog-svn] r6443 - plog/branches/lifetype-1.2/templates/admin

Reto Hugi plog at hugi.to
Mon May 5 17:05:31 EDT 2008


On 05/05/2008 09:05 PM, Reto Hugi wrote:
> now, what I'm trying to do right now is filtering all the params in
> admintemplatedview.class.php before it gets assigned to smarty. I think
> this way, we have filtered out all requests right before the output to
> the browser, and that's exactly where we should do the filtering.
> everything else on a higher level should only be validation (but strict
> validation, so that only really acceptable data gets processed!)
> 

Now that I took a closer look I can't think of anything that would work
on admintemplatedview level. Well, I'll try again later. But at the
moment I think we were doing it right, but not strict enough. We need
to do it in the actions.

...and then there is the failed validation issue... no idea yet...