check_for_form_variable_naughtiness (public, deprecated)

 check_for_form_variable_naughtiness name value

Defined in packages/acs-tcl/tcl/deprecated-procs.tcl

Deprecated. Invoking this procedure generates a warning.

Stuff to process the data that comes back from the users. If the form looked like <input type=text name=yow> and <input type=text name=bar>, then after you run this function you'll have Tcl vars $foo and $bar set to whatever the user typed in the form.

This uses the initially nauseating but ultimately delicious Tcl system function "uplevel" that lets a subroutine bash the environment and local vars of its caller. It ain't Common Lisp...

This is an ad-hoc check to make sure users aren't trying to pass in "naughty" form variables in an effort to hack the database by passing in SQL. It is called in all instances where a Tcl variable is set from a form variable.

Checks the given variable against known form variable exploits. If it finds anything objectionable, it throws an error.
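A stricter alternative to matching names and values against known-bad patterns, as an added example that is not OpenACS code: import only declared form variables, type-check each value, and refuse to overwrite a variable the caller has already set. The proc name import_form_vars, its spec format and the sample requests are assumptions made for illustration.

```tcl
# Added example (not OpenACS code). import_form_vars and its spec format are
# hypothetical; the form data below is constructed. Requires Tcl 8.5+ (dict).

# Set caller variables from form fields, but only for declared names whose
# values pass a type check, and never over an existing caller variable.
proc import_form_vars {form spec} {
    foreach {name value} $form {
        if {[uplevel 1 [list info exists $name]]} {
            error "form variable \"$name\" would overwrite a caller variable"
        }
        if {![dict exists $spec $name]} {
            error "unexpected form variable \"$name\""
        }
        set type [dict get $spec $name]
        switch -- $type {
            integer { set ok [regexp {^-?[0-9]{1,9}$} $value] }
            word    { set ok [regexp {^[A-Za-z0-9_]{1,64}$} $value] }
            default { error "unknown type \"$type\" in spec" }
        }
        if {!$ok} {
            error "form variable \"$name\" is not a valid $type"
        }
        # [list ...] quotes name and value so uplevel runs exactly one set.
        uplevel 1 [list set $name $value]
    }
}

proc handle_request {form} {
    set user_id 42   ;# trusted value set by the page, must not change
    import_form_vars $form {item_id integer sort_by word}
    return [list $user_id $item_id $sort_by]
}

# Constructed inputs: one well-formed request, three that must be rejected.
set cases {
    {item_id 7 sort_by name}
    {item_id 7 sort_by name user_id 1}
    {item_id 7 sort_by name extra x}
    {item_id {7 or 1=1} sort_by name}
}
foreach form $cases {
    if {[catch {handle_request $form} result]} {
        puts "rejected: $result"
    } else {
        puts "accepted: $result"
    }
}
```

Values that pass the type check should still reach the database only as bind variables, never by string concatenation into SQL.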

Parameters:
name (required)
value (required)

Partial Call Graph (max 5 caller/called nodes):
check_for_form_variable_naughtiness calls:
ad_conn (public)
ad_log_deprecated (public)
ad_parameter_all_values_as_list (public, deprecated)
ad_script_abort (public)

Testcases:
No testcase defined.