Problem with new formvariables
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 31143
interpreted = N
texte = I missed the release of the beta by at least of week, so I do not know ifthis has beed debated here.It seems that the new WC does not want to import the formvariables naturallyas it used to do before.Which makes it not downward compatible at least for one thing.Example: [text]VAR =[/text]
On the first display, VAR is undefined by the first [text] context,therefore the input field shows nothing. Enter something, click on submit,and, in WC 3.0, you will be able to see what you typed.THis is useful if somebody made a mistake in one of the fields of a form:he/she will not have to retype the information that was correct.Now, it does not seem to work like that anymore.Undefining [VAR] to nothing will bypass the content of the formvariable[VAR].So, now, a lot of my scripts will not work properly... And there are a lotof them that exploit the old feature of webcat...Check http://www.paredu.com/login.html - Enter a login and a password: sinceyou do not have a login yet, that if will do is tell you made a mistake anddisplay the login you just entered (not the password, for security reasons).The web server still uses WC 3.0.Now, with 4.0, on my development server, this does not work anymore.About the security problem with the formvariables that could be added to aURL in order to bypass the content of the test variables uses in a script, Iproposed the idea of a different naming for variables that could NOT bybypassed, like variables beginning with a $.For instance: [$UserIsAdministrator] could not be bypassed by adding&$UserIsAdministrator=T at the end of the URL (or rather&%24UserIsAdministrator=T)Thank you for thinking about making our web applications under WebCatalogmore secure, but please, think about those who do not want to spend severaldays to reprogram their form scripts.#############################################################This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
Associated Messages, from the most recent to the oldest:
I missed the release of the beta by at least of week, so I do not know ifthis has beed debated here.It seems that the new WC does not want to import the formvariables naturallyas it used to do before.Which makes it not downward compatible at least for one thing.Example: [text]VAR =[/text]On the first display, VAR is undefined by the first [text] context,therefore the input field shows nothing. Enter something, click on submit,and, in WC 3.0, you will be able to see what you typed.THis is useful if somebody made a mistake in one of the fields of a form:he/she will not have to retype the information that was correct.Now, it does not seem to work like that anymore.Undefining [VAR] to nothing will bypass the content of the formvariable[VAR].So, now, a lot of my scripts will not work properly... And there are a lotof them that exploit the old feature of webcat...Check http://www.paredu.com/login.html - Enter a login and a password: sinceyou do not have a login yet, that if will do is tell you made a mistake anddisplay the login you just entered (not the password, for security reasons).The web server still uses WC 3.0.Now, with 4.0, on my development server, this does not work anymore.About the security problem with the formvariables that could be added to aURL in order to bypass the content of the test variables uses in a script, Iproposed the idea of a different naming for variables that could NOT bybypassed, like variables beginning with a $.For instance: [$UserIsAdministrator] could not be bypassed by adding&$UserIsAdministrator=T at the end of the URL (or rather&%24UserIsAdministrator=T)Thank you for thinking about making our web applications under WebCatalogmore secure, but please, think about those who do not want to spend severaldays to reprogram their form scripts.#############################################################This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
Nicolas Verhaeghe
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
[WebDNA] Should I be able to use [setmimeheader name=Content-Type ? (2018)
F3 crashing server (1997)
RE: can we get string variables? (1998)
Signal Raised Error (1997)
Templates on Unix & CGI on Mac? (1997)
Data Type Search Problem (2004)
Server crashes when user saves or views html source (1998)
What am I missing (1997)
Make sure I understand this??? (1997)
[WebDNA] [Delete] doesn delete all... (2009)
First postarg not taking in $Commands (1997)
[group] ? (1997)
Picking a random entry from a .db (2001)
ShowNext example for GeneralStore (1997)
[WebDNA] Working WebDNA 7 configuration (2011)
Affiliate Marketing Question #2 (1998)
Close Databases Crash? (1998)
Allowed fields in formulas.db (1998)
Emailer again (1997)
WebSTAR/WebCat is serving .db files! (1999)