Problem with new formvariables

This WebDNA talk-list message is from 2000.


Associated Messages, from the most recent to the oldest:

    
  1. Re[5]: Problem with new formvariables (jpeacock@univpress.com 2000)
  2. Re[3]: Re[3]: Problem with new formvariables (jpeacock@univpress.com 2000)
  3. Re[2]: Re[3]: Problem with new formvariables (jpeacock@univpress.com 2000)
  4. Re[4]: Problem with new formvariables (jpeacock@univpress.com 2000)
  5. Re[2]: Re[3]: Problem with new formvariables (jpeacock@univpress.com 2000)
  6. Re: Re[4]: Problem with new formvariables (Rob Marquardt 2000)
  7. Re: Re[2]: Re[3]: Problem with new formvariables (Jesse Proudman 2000)
  8. Re: Re[3]: Problem with new formvariables (Mike Davis 2000)
  9. Re: Re[3]: Problem with new formvariables (Jesse Proudman 2000)
  10. Re: Re[3]: Problem with new formvariables (Nicolas Verhaeghe 2000)
  11. Re: Re[3]: Problem with new formvariables (Jesse Proudman 2000)
  12. Re: Re[3]: Problem with new formvariables (Nicolas Verhaeghe 2000)
  13. Re[3]: Problem with new formvariables (jpeacock@univpress.com 2000)
  14. Re[2]: Problem with new formvariables (jpeacock@univpress.com 2000)
  15. Problem with new formvariables (Nicolas Verhaeghe 2000)
I missed the release of the beta by at least a week, so I do not know if this has been debated here.

It seems that the new WC does not want to import the formvariables naturally as it used to do before. Which makes it not downward compatible at least for one thing.

Example: [text]VAR =[/text]
VAR=

On the first display, VAR is undefined by the first [text] context, therefore the input field shows nothing. Enter something, click on submit, and, in WC 3.0, you will be able to see what you typed.

This is useful if somebody made a mistake in one of the fields of a form: he/she will not have to retype the information that was correct.

Now, it does not seem to work like that anymore. Undefining [VAR] to nothing will bypass the content of the formvariable [VAR].

So, now, a lot of my scripts will not work properly... And there are a lot of them that exploit the old feature of webcat...

Check http://www.paredu.com/login.html - Enter a login and a password: since you do not have a login yet, all it will do is tell you that you made a mistake and display the login you just entered (not the password, for security reasons). The web server still uses WC 3.0.

Now, with 4.0, on my development server, this does not work anymore.

About the security problem with the formvariables that could be added to a URL in order to bypass the content of the test variables used in a script, I proposed the idea of a different naming for variables that could NOT be bypassed, like variables beginning with a $.

For instance: [$UserIsAdministrator] could not be bypassed by adding &$UserIsAdministrator=T at the end of the URL (or rather &%24UserIsAdministrator=T)

Thank you for thinking about making our web applications under WebCatalog more secure, but please, think about those who do not want to spend several days to reprogram their form scripts.

Nicolas Verhaeghe
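
An added example, not part of the original message and not WebDNA code: a simplified Python model of the lookup order the message describes, where a submitted form variable shadows a script variable, next to the proposed rule that names beginning with `$` can only be set by the script. The function names and the sample request are assumptions made for illustration.

```python
from urllib.parse import parse_qsl

PROTECTED_PREFIX = "$"  # naming convention proposed in the message (assumed model)


def parse_form(query_string):
    """Decode the query string first, so '%24Name' and '$Name' are the same key."""
    return dict(parse_qsl(query_string, keep_blank_values=True))


def resolve_legacy(name, script_vars, form_vars):
    """Model of the old lookup: a submitted form variable shadows a script variable."""
    if name in form_vars:
        return form_vars[name]
    return script_vars.get(name, "")


def resolve_protected(name, script_vars, form_vars):
    """Proposed lookup: '$' names come only from the script; others behave as before."""
    if name.startswith(PROTECTED_PREFIX):
        return script_vars.get(name, "")
    return resolve_legacy(name, script_vars, form_vars)


def rejected_names(form_vars):
    """Names a request tried to set inside the protected namespace (worth logging)."""
    return sorted(n for n in form_vars if n.startswith(PROTECTED_PREFIX))


# Constructed sample: the script clears 'login' and sets the flag to F,
# while the request supplies both names, the flag in its URL-encoded form.
SCRIPT_VARS = {"login": "", "$UserIsAdministrator": "F"}
FORM = parse_form("login=nicolas&%24UserIsAdministrator=T")

if __name__ == "__main__":
    for name in SCRIPT_VARS:
        print(name,
              "| legacy:", resolve_legacy(name, SCRIPT_VARS, FORM),
              "| protected:", resolve_protected(name, SCRIPT_VARS, FORM))
    print("rejected:", rejected_names(FORM))
```

The prefix check runs on the decoded name, which is why the `%24` spelling gets no special handling; the ordinary `login` field still redisplays what the user typed under both lookups.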
