check_for_form_variable_naughtiness (public, deprecated)
check_for_form_variable_naughtiness name value
Defined in packages/acs-tcl/tcl/deprecated-procs.tcl
Deprecated. Invoking this procedure generates a warning.
Stuff to process the data that comes back from the users: if the form looked like <input type=text name=yow> and <input type=text name=bar>, then after you run this function you'll have Tcl vars $foo and $bar set to whatever the user typed in the form.
This uses the initially nauseating but ultimately delicious Tcl system function "uplevel" that lets a subroutine bash the environment and local vars of its caller. It ain't Common Lisp...
This is an ad-hoc check to make sure users aren't trying to pass in "naughty" form variables in an effort to hack the database by passing in SQL. It is called in all instances where a Tcl variable is set from a form variable.
Checks the given variable against known form variable exploits. If it finds anything objectionable, it throws an error.
- Parameters:
- name (required)
- value (required)
- Testcases:
- No testcase defined.
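The following is an added example, not the OpenACS implementation (this page does not list the checks it performs): it shows why a name/value check belongs in front of the "uplevel" pattern described above, by refusing form fields that would overwrite a variable the caller already holds. The proc names example_check_form_var, example_set_form_vars and example_page, the validation rules, and the sample form data are all assumptions made for illustration.

```tcl
# Added illustration: proc names and rules are hypothetical, not OpenACS code.

# Reject a form field before it becomes a Tcl variable in the caller.
# Assumed rules: plain identifier names only (no "::" or array syntax),
# and no NUL characters in the value.
proc example_check_form_var {name value} {
    if {![regexp {^[A-Za-z][A-Za-z0-9_]*$} $name]} {
        error "form variable name \"$name\" is not a plain identifier"
    }
    if {[string first "\u0000" $value] >= 0} {
        error "form variable \"$name\" contains a NUL character"
    }
}

# Set one caller variable per form field using uplevel, refusing to
# overwrite anything that already exists in the caller's frame.
proc example_set_form_vars {form} {
    dict for {name value} $form {
        example_check_form_var $name $value
        if {[uplevel 1 [list info exists $name]]} {
            error "form variable \"$name\" would overwrite an existing variable"
        }
        uplevel 1 [list set $name $value]
    }
}

# Constructed sample page: it already holds $user_id when the form arrives.
proc example_page {form} {
    set user_id 42
    if {[catch {example_set_form_vars $form} msg]} {
        return "rejected: $msg"
    }
    return "accepted: foo=$foo user_id=$user_id"
}

# Constructed form submissions (field name / value pairs).
puts [example_page {foo hello bar world}]
puts [example_page {foo hello user_id 1}]
puts [example_page {foo hello ::user_id 1}]
```

Checks like these guard only the Tcl variable namespace; a value that later reaches a SQL statement still needs to be passed as a bind variable rather than interpolated into the query text.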