[html-formfu] Include Catalyst::Controller::RequestToken in
C::C::HTML::FormFu
Carl Franks
fireartist at gmail.com
Thu Jan 15 14:55:38 GMT 2009
2009/1/15 <onken at houseofdesign.de>:
>
>
>> I really like this idea.
>>
>> I would suggest putting the bulk of the logic in a Plugin
>> (HTML::FormFu::Plugin::RequestToken) that runs during process(), that
>> checks to see if the hidden field exists, and if not adds it, and then
>> checks to see if the constraint exists, and if not adds it.
>>
>> Otherwise, there would be problems with adding the field automatically
>> in C::C::HTML::FormFu, because if fields are added before the form
>> config is loaded, the xhtml will be invalid if the field isn't within
>> a fieldset. And I can't really see any way to handle that nicely for
>> $self->form() which returns a form with no config loaded yet.
>>
>> So the only thing the code in C::C::HTML::FormFu should need to do is
>> add the Plugin to each form during $controller->_common_construction.
>> ( or $controller->_form() if it isn't suitable for MultiForm's - I
>> haven't looked at it closely enough to figure that out).
>> And of course, that would be configurable/
>>
>> So maybe the following config options...
>> request_token_enable # 0 by default
>> request_token_add_plugin # 1 by default
>>
>> Looking at C::C::RequestToken some more... I don't think it would be
>> appropriate for C::C::HTML::FormFu to inherit from C::C::RequestToken
>> - so I think you'd need to make it a requirement that the user's
>> application inherit from C::C::RequestToken.
>>
>
> Hi Carl,
>
> I had closer look at RequestToken and I think we should drop that
> requirement and write it ourselfs. The logic is not that hard and
> RequestToken has some limitations which can cause some trouble. E. g. you
> cannot open form1, open another form2 and submit form1. That will fail
> because RequestToken uses a unique session key for all tokens and opening
> another form2 will overwrite the token of form1.
>
> I will write some code and commit it to svn so we can have a look at it.
> I'll write as much comments as I can to make everything as clear as
> possible.
Ok, that sounds cool.
Carl
More information about the HTML-FormFu
mailing list