Forum OpenACS Q&A: Response to A general-ratings package for OACS

Collapse
Posted by Don Baccus on
Dean ... The convention in the ACS is to pass a "return_url" variable in the querystring. You can build it like this:
http://foo.com/bar?return_url=[ns_urlencode [ad_conn url]?[ad_conn query]]
then you return like this:
ad_page_contract {
    return_url example
} {
    return_url:notnull
}

... do lots of cool stuff ...

ad_returnredirect $return_url

In your case you probably want to use the form builder (despite its flaws - we hope to improve it in the upcoming months) in a template. Doing it this way means the client page can simply include it Also since you're talking about a form obviously you wouldn't pass a query string but rather would pass it as a hidden form variable. The above-mentioned form builder API allows the definition of hidden variables. If you e-mail me I can point you to some pages that use it ...

See acs-subsite/www/shared/confirm.tcl/adp for a templated confirmation page and session-update.tcl in the same directory.

The first is a template that allows a user to answer "yes/no", suitable for including from another template.

The second example's both easier and more complex. It just changes a session property and returns, but it signs and verifies the return_url value and makes sure that the connection referrer value matches the one passed along as one of the parameters. I used it in a project to set some semi-sensitive properties (backed up by permissions checking as the comment in that script suggest one do!) and wanted to lower the chances that someone might spoof the page.