[Html-widget] Disallow multiple values

Carl Franks fireartist at gmail.com
Thu Oct 19 11:29:54 CEST 2006


I find I rarely need to support a single param having multiple values
e.g. ?foo=1&foo=2

It's important to remember though that an element can have multiple
values, otherwise if you do something like
$db->bind( foo => $r->param('foo'), bar => $r->param('bar') )
you've just created an opening for SQL injection.

I propose a constraint which will only allow a single value - but what
would be really valuable for me would be an option to have it
automatically applied on all elements.
Any suggestions?

You could first add all elements you want constrained, and then do
map { $w->constraint( 'SingleValue', $_->name ) } $w->get_elements;
but life's too short to type that out more than once!

What about a $w->constraint_all() method which is used like
$w->constraint(), but doesn't take a name parameter and doesn't do
anything until during $w->process() when all elements have been added.
It might make sense to also have the filtering equivalent: $w->filter_all().

Carl
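
The list-context behaviour the message warns about, as an added example that is not part of the original post and is not HTML::Widget code. MockRequest is a constructed stand-in whose param() follows the CGI.pm convention (all values in list context, the first value in scalar context), and single_value() is a hypothetical helper.

```perl
use strict;
use warnings;

# Constructed stand-in for a request object: param() returns every value
# in list context and only the first value in scalar context.
package MockRequest;
sub new { my ($class, %p) = @_; return bless {%p}, $class }
sub param {
    my ($self, $name) = @_;
    my @v = @{ $self->{$name} || [] };
    return wantarray ? @v : $v[0];
}

package main;

# Constructed input, equivalent to the query string ?foo=1&foo=2&bar=x
my $r = MockRequest->new( foo => [ 1, 2 ], bar => ['x'] );

# The pattern from the message: inside an argument list param() runs in
# list context, so a repeated parameter adds extra elements and every
# later name/value pair shifts out of alignment.
my @unsafe = ( foo => $r->param('foo'), bar => $r->param('bar') );
print "list context:   (@unsafe)\n";

# Forcing scalar context keeps exactly one value per name, but silently
# discards the extra values.
my @scalar = ( foo => scalar $r->param('foo'), bar => scalar $r->param('bar') );
print "scalar context: (@scalar)\n";

# Hypothetical single-value check: reject the request instead of
# quietly picking one of several values.
sub single_value {
    my ($req, $name) = @_;
    my @v = $req->param($name);
    die "parameter '$name' has " . scalar(@v) . " values, expected 1\n"
        if @v != 1;
    return $v[0];
}

for my $name (qw(foo bar)) {
    my $value = eval { single_value( $r, $name ) };
    print defined $value ? "$name accepted: $value\n" : "$name rejected: $@";
}
```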
