[Catalyst] Formbuilder Plugin: are the $c->form->fields from the config.fb or from the query params?

John Napiorkowski jjn1056 at yahoo.com
Mon Sep 25 23:23:33 CEST 2006


Hi,

According to the documentation for Formbuilder, you
can use $c->form->field to retrieve a listing of all
the field names and values.  My question is this: is
this hash filtered against your *.fb configuration
file or will it be populated from anything that shows
up in the query parameters?

It matters to me for security reasons.  My experiences
seem to indicate that it is indeed limited to the
form.fb configuration file but I'm not sure from
looking at the source code.

The reason I'd like to know this is that for most of
my simple forms (and I have a lot of them) I do things
like:

my @fields = (qw/title summary/);

$c->form->field(name => $_, value => $wiki->$_) for
@fields;

where $wiki is a DBIx::Row.  I'd like to know if it's
safe to autogenerate that @fields from
$c->form->field.  If that is going to be anything from
the query parameters then I can't trust it, but if it
comes from the *.fb file I control then I can.

Thanks!
John
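
The concern in the message above, as an added example that is not part of the original post and says nothing about how FormBuilder itself builds its field list: because `$wiki->$_` calls a method named by the string in `$_`, a field list that could contain request-supplied names should be checked against an allowlist before any call is made. `vetted_fields`, `My::FakeRow` and the candidate names are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Columns this form may touch, kept in code we control
# (the same two names the post uses).
my %ALLOWED = map { $_ => 1 } qw/title summary/;

# Keep only candidate names that are on the allowlist and that the row
# object really implements; everything else is reported, never called.
sub vetted_fields {
    my ($row, @candidates) = @_;
    my (@ok, @rejected);
    for my $name (@candidates) {
        if ($ALLOWED{$name} && $row->can($name)) {
            push @ok, $name;
        }
        else {
            push @rejected, $name;
        }
    }
    return (\@ok, \@rejected);
}

# Constructed stand-in for the row object ($wiki in the post).
{
    package My::FakeRow;
    sub new     { my ($class, %col) = @_; return bless {%col}, $class }
    sub title   { $_[0]{title} }
    sub summary { $_[0]{summary} }
    sub delete  { die "delete() must never be reachable from a field name\n" }
}

my $wiki = My::FakeRow->new(title => 'Home', summary => 'Front page');

# Constructed candidate list: two legitimate names plus two that could
# only have come from request input.
my @candidates = qw/title summary delete is_admin/;

my ($ok, $rejected) = vetted_fields($wiki, @candidates);

# Only vetted names are ever used as method names.
printf "%s => %s\n", $_, $wiki->$_ for @$ok;
print "rejected: @$rejected\n";
```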
