Forum OpenACS Development: export_vars -entire_form can be dangerous...

Collapse
1: export_vars -entire_form can be dangerous...
Posted by Mark Aufflick on 06/16/04 03:11 PM
Since export_vars calls subst over your vars (for the case that you want to put square brackets etc in your override strings etc.) if you use the -entire_form flag you might be surprised with the outcome of, say, a content field that happens to have square brackets.

This could lead to bad things...

I suggest that subst should not be applied to values pulled in magically by entire_form - possibly not at all.

opinions?

Collapse
2: Re: export_vars -entire_form can be dangerous... (response to 1)
Posted by Mark Aufflick on 06/16/04 03:26 PM
Excuse my really bad uplevel hacking, but the following does the trick:

replace

set value [uplevel subst \{[lindex $var_spec 1]\}]
with:

set value [uplevel set fasldkjflaskd \{[lindex $var_spec 1]\}]
     if {[info exists form_var_list] && [lsearch [lindex $var_spec 1] $form_var_list]> 0} {
      # don't run subst on auto included form vars                                       
      set value [subst {$value}]
}
Collapse
3: Re: export_vars -entire_form can be dangerous... (response to 1)
Posted by Mark Aufflick on 06/16/04 03:52 PM
Sorry everyone - wasn't thinking that I was working on a 4.2 codebase at the time - exactly this conceptual change has been made much in 5.1 at least.