Differences between revisions 1 and 4 (spanning 3 versions)
Revision 1 as of 2007-03-15 17:43:41
Size: 424
Editor: TheDod
Comment:
Revision 4 as of 2011-02-15 06:05:17
Size: 534
Editor: localhost
Comment: converted to 1.6 markup
Line 5: Line 5:
This can cause 2 problems:
 * Some applications (e.g. OpenID) require fields with names like openid.something
 * Judging from the traceback, maybe there's even a way to inject bad stuff into the context this way ;)
=== Update ===
andrewm gave me advice how to solve the openid problem
by doing self.locals.openid=albatross.context.Vars() during context class constructor:

http://www.object-craft.com.au/pipermail/albatross-users/2007-March/001294.html

It worked, but it still feels like a patch to me. Maybe it's an acquired taste :)

If a URL query has field names that contain a dot (e.g. openid.assoc_handle), bad stuff happens.

For example: try http://www.object-craft.com.au/cgi-bin/alsamp/form4/form.py?funny.field=told+you+so

Update

andrewm gave me advice on how to solve the openid problem by doing self.locals.openid=albatross.context.Vars() in the context class constructor:

http://www.object-craft.com.au/pipermail/albatross-users/2007-March/001294.html

It worked, but it still feels like a patch to me. Maybe it's an acquired taste :)
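
A simplified model of the problem and the workaround above, as an added example that is not Albatross code and not part of the original page. `Namespace`, `set_dotted` and `merge_query` are hypothetical names, and the assumption is that a dotted field name is resolved as an attribute path on the context's local variables; the field-name check goes beyond the workaround and keeps unexpected dotted names out of the context.

```python
import re
from urllib.parse import parse_qsl

class Namespace:
    """Empty attribute holder (hypothetical stand-in for a context sub-namespace)."""

# One identifier per path segment, no leading underscore, so a field name
# can never reach private or dunder attributes of the context.
SEGMENT = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")

def set_dotted(root, name, value):
    """Assign value at a dotted path; parent namespaces must already exist."""
    *parents, leaf = name.split(".")
    target = root
    for part in parents:
        target = getattr(target, part)  # AttributeError if never pre-created
    setattr(target, leaf, value)

def merge_query(root, query, allowed_prefixes=()):
    """Merge query fields into root; return the field names that were rejected."""
    rejected = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        parts = name.split(".")
        ok = all(SEGMENT.match(p) for p in parts)
        if ok and len(parts) == 1:
            # A plain field must not overwrite a declared sub-namespace.
            ok = parts[0] not in allowed_prefixes
        elif ok:
            # Dotted names are accepted only under namespaces the app declared.
            ok = len(parts) == 2 and parts[0] in allowed_prefixes
        if ok:
            set_dotted(root, name, value)
        else:
            rejected.append(name)
    return rejected

def demo():
    # Constructed sample query: one expected dotted field, one unexpected
    # dotted field, one name aimed at a dunder attribute, one plain field.
    query = "openid.assoc_handle=abc&funny.field=told+you+so&__class__.x=1&user=bob"
    local_vars = Namespace()
    local_vars.openid = Namespace()  # pre-created, as in the workaround above
    rejected = merge_query(local_vars, query, allowed_prefixes={"openid"})
    return local_vars, rejected
```
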

None: UrlQueryParsing (last edited 2011-02-15 06:05:17 by localhost)