[Catalyst] Picking template type based on input

Bill Moseley moseley at hank.org
Mon Mar 29 02:20:32 GMT 2010


On Sun, Mar 28, 2010 at 6:05 PM, Tomas Doran <bobtfish at bobtfish.net> wrote:

>
> On 29 Mar 2010, at 01:06, Bill Moseley wrote:
>
>>
>> I do this -- every POST must include token, and the token can only be us=
ed
>> once.  That means the the form must be fetched before bing posted (to
>> generate the token).
>>
>
> Have anything generic you'd care to share? :)


Nothing generic -- and it's not rocket science, either.  Or very glamorous.
 I simply have a template macro for creating my <form> tag which also
includes the hidden field with the token id.

Then part of form validation processed used for every post I check that the
token was provided and is valid.  The token is either in the database or in
memcached.  (I have a form_posted() method that does this check, along check
for the correct method (PUT or POST) .)




> The issue is that if you're generating a form in javascript, and submitti=
ng
> it in javascript, then something finding forms in the page output (and
> adding a token automatically), which was what I initially suggested - wou=
ld
> fail to find the form, and ergo you'd have an issue :)
>
> (i.e. it couldn't 'just work automatically' in that case without the
> application collaborating in some manor).


I think I get it.

Thanks,


>
> --
Bill Moseley
moseley at hank.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20100328/00ff8=
bc7/attachment.htm


More information about the Catalyst mailing list