Revision 4 as of 2011-02-15 06:05:17 (comment: converted to 1.6 markup)
If a URL query has field names that contain a dot (e.g. openid.assoc_handle), bad stuff happens.
For example: try http://www.object-craft.com.au/cgi-bin/alsamp/form4/form.py?funny.field=told+you+so
This can cause 2 problems:
 * Some applications (e.g. OpenID) require fields with names like openid.something
 * Judging from the traceback, maybe there's even a way to inject bad stuff into the context this way ;)
Update
andrewm gave me advice how to solve the openid problem by doing self.locals.openid=albatross.context.Vars() during context class constructor:
http://www.object-craft.com.au/pipermail/albatross-users/2007-March/001294.html
It worked, but it still feels like a patch to me. Maybe it's an acquired taste
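Added example, not part of the original page and not Albatross code: a stand-alone Python model of merging request fields into a context namespace, where dotted names are accepted only under a pre-registered prefix (mirroring the openid workaround above) and anything else is refused instead of raising or being walked. All names here (Vars as a plain container, merge_field, merge_query, the allow-list) are hypothetical, and the sample query is constructed.

```python
# Stand-alone model, not Albatross code: every name here is hypothetical.
import re
from urllib.parse import parse_qsl

# Segments must start with a letter, so "_private" and "__class__" never match.
SEGMENT = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")


class Vars:
    """Empty attribute container standing in for a pre-registered namespace."""


class FieldRejected(ValueError):
    pass


def merge_field(root, name, value, allowed_prefixes):
    """Store value at root.<name>, walking dots only under allow-listed prefixes."""
    parts = name.split(".")
    if not all(SEGMENT.match(p) for p in parts):
        raise FieldRejected(f"bad segment in {name!r}")
    if len(parts) > 1 and parts[0] not in allowed_prefixes:
        raise FieldRejected(f"dotted prefix {parts[0]!r} not registered")
    target = root
    for part in parts[:-1]:
        child = target.__dict__.get(part)  # instance data only, no class lookup
        if child is None:
            child = Vars()
            setattr(target, part, child)
        elif not isinstance(child, Vars):
            raise FieldRejected(f"{part!r} is not a container")
        target = child
    if isinstance(target.__dict__.get(parts[-1]), Vars):
        raise FieldRejected(f"{name!r} would overwrite a container")
    setattr(target, parts[-1], value)


def merge_query(root, query, allowed_prefixes=("openid",)):
    """Merge a query string; return the field names that were refused."""
    refused = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        try:
            merge_field(root, name, value, allowed_prefixes)
        except FieldRejected:
            refused.append(name)  # worth logging: unexpected dotted or underscore names
    return refused


# Constructed sample query; the assoc_handle value is made up.
SAMPLE = "openid.assoc_handle=abc123&funny.field=told+you+so&name=bob&__class__.x=1"
```

Refused names are returned rather than silently dropped so the caller can log them.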