[Catalyst] Picking template type based on input
Bill Moseley
moseley at hank.org
Mon Mar 29 02:20:32 GMT 2010
On Sun, Mar 28, 2010 at 6:05 PM, Tomas Doran <bobtfish at bobtfish.net> wrote:
>
> On 29 Mar 2010, at 01:06, Bill Moseley wrote:
>
>>
>> I do this -- every POST must include token, and the token can only be us=
ed
>> once. That means the the form must be fetched before bing posted (to
>> generate the token).
>>
>
> Have anything generic you'd care to share? :)
Nothing generic -- and it's not rocket science, either. Or very glamorous.
I simply have a template macro for creating my <form> tag which also
includes the hidden field with the token id.
Then part of form validation processed used for every post I check that the
token was provided and is valid. The token is either in the database or in
memcached. (I have a form_posted() method that does this check, along check
for the correct method (PUT or POST) .)
> The issue is that if you're generating a form in javascript, and submitti=
ng
> it in javascript, then something finding forms in the page output (and
> adding a token automatically), which was what I initially suggested - wou=
ld
> fail to find the form, and ergo you'd have an issue :)
>
> (i.e. it couldn't 'just work automatically' in that case without the
> application collaborating in some manor).
I think I get it.
Thanks,
>
> --
Bill Moseley
moseley at hank.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20100328/00ff8=
bc7/attachment.htm
More information about the Catalyst
mailing list