[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re: [Fastcgipp-users] Re: form handler crashing if posts key missing
|
From: |
ninti |
|
Subject: |
Re: Re: [Fastcgipp-users] Re: form handler crashing if posts key missing |
|
Date: |
Wed, 06 Jan 2010 16:21:06 +1030 |
Yes, you are pushing the limits of my current grasp on fastcgi++ internals, but
I
am starting to read the code and know my way around.
I think a straightforward way to check for the existence of a key regardless of
enctype is useful for server-side validation because end users can never be
relied upon to do anything sanely or as requested. Client-side javascript
validation would help a bit, but a malicious user or user with javascript
disabled could still potentially bring the site down by submitting blank
fields.
BTW, just to clarify: the three fields I have in my contact form are all form
data (type="text", textarea) rather than file data (type="file"), unless I have
not understood you correctly.
Mike
On Wed 06/01/10 10:59 AM , Axel von Bertoldi address@hidden sent:
> Hi there,
>
> Just looked at the relevant code and have found the problem; its
> related to Post::Type. Its not a difficult problem to fix, but might
> be hard to explain so bare with me. Environment::requestVarExists
> checks if post data exists for the associated key and will return true
> if the post data is of type Post::Type::file or Post::Type::form.
> Environment::requestVarGet also checks if post data exists for the
> associated key before retrieving it. However, when I wrote
> requestVarGet I assumed it would only be used for Post::Type::form
> data. I think that was a faulty assumption. So requestVarGet and
> requestVarExists are not consistent.
>
> Mike, strangely, in your above example you have made the same mistake
> I did; you check the existence of post data for the given key, and
> then assume its Post::Type::form data. If its not,
> environment.posts["name"].value will be undefined (or empty, Eddie?)
> and you get a crasher.
>
> So, the solution is to make Environment::requestVarExists and
> Environment::requestVarGet consistent.
>
> Option 1: Change requestVarExists to return true if a value for the
> key exists AND the data is of type Post::Type::form
> Option 2: Change requestVarGet to return the shared array at
> Post::data if the data for the associated key is of type
> Post::Type::file.
>
> Eddie, do you have a preference? I suspect #2 would be more useful.
>
> Cheers,
> axel.
- Re: Re: [Fastcgipp-users] Re: form handler crashing if posts key missing,
ninti <=