OFBiz OFBiz - Dev

Secure URLs, sequel...

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Jacques Le Roux
Reply | Threaded
Open this post in threaded view
|

Secure URLs, sequel...

Jacques Le Roux
Administrator
We have also  targets with params in forms : look for <<form(.*)target=(.*)\?(.*)=(.*)>> and <<form.(*)\R(.*)target=(.*)\?(.*)=(.*)>>.
So I think we should extend the param-name scheme for forms also...

Jacques
David E Jones-3
Reply | Threaded
Open this post in threaded view
|

Re: Secure URLs, sequel...

David E Jones-3

On Apr 5, 2009, at 5:11 AM, Jacques Le Roux wrote:

> We have also  targets with params in forms : look for  
> <<form(.*)target=(.*)\?(.*)=(.*)>> and <<form.(*)\R(.*)target=(.*)\?
> (.*)=(.*)>>.
> So I think we should extend the param-name scheme for forms also...

If it is a parameter on the form target it is easy, the parameter is  
just a form field... probably a hidden field. In other words we would  
use the form -> field element and the field -> hidden element.

-David

Jacques Le Roux
Reply | Threaded
Open this post in threaded view
|

Re: Secure URLs, sequel...

Jacques Le Roux
Administrator
In reply to this post by Jacques Le Roux
If nobody see a problem with that I will add the same scheme to forms soon, and this this will be backported to R9.04 (security fix)

Jacques

From: "Jacques Le Roux" <[hidden email]>
We have also  targets with params in forms : look for <<form(.*)target=(.*)\?(.*)=(.*)>> and
<<form.(*)\R(.*)target=(.*)\?(.*)=(.*)>>.
So I think we should extend the param-name scheme for forms also...

Jacques


Free forum by Nabble Edit this page