[Catalyst] Formbuilder Plugin: are the $c->form->fields from the config.fb or from the query params?

John Napiorkowski jjn1056 at yahoo.com
Mon Sep 25 23:23:33 CEST 2006


According to the documentation for Formbuilder, you
can use $c->form->field to retrieve a listing of all
the field names and values.  My question is this; is
this hash filtered against your *.fb configuration
file or will it be populated from anything that shows
up in the query parameters?

It matters to me for security reasons.  My experiences
seem to indicate that it is indeed limited to the
form.fb configuration file but I'm not sure from
looking at the source code.

The reason I'd like to know this is that for most of
my simple forms (and I have a lot of them) I do things

my @fields = (qw/title summary/);

$c->form->field(name => $_, value => $wiki->$_) for

where $wiki is a DBIx::Row.  I'd like to know if it's
safe to autogenerate that @fields from
$c->form->field.  If that is going to be anything from
the query parameters than I can't trust it, but if it
comes from the *.fb file I control then I can.


Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the Catalyst mailing list