[LON-CAPA-dev] Re: [LON-CAPA-cvs] cvs: loncom /interface londocs.pm

Guy Albertelli II lon-capa-dev@mail.lon-capa.org
Fri, 7 Feb 2003 13:10:35 -0500 (EST)


Hi All,

I want to use this commit to reinforce a lesson in programming for
the web.

If you are building a URL, and that URL contains user-provided
information, _Please_ use 

&Apache::lonnet::escape()

on the user-provided data; it will make sure strange characters are
safely passed around.

     if ($isfolder) {
             $url.='&foldername='.
                 &Apache::lonnet::escape($foldertitle);
     }
     $line.='<td bgcolor="#FFFFBB"><a href="'.$url.'" target="cat_'.$folder.
            '"><img src="/adm/lonIcons/'.
            $icon.'.gif" border="0"></a></td>'.


I would urge you that whenever there is a field that you can type in
that you put in spaces, $, %, /, :  at a minimum. These all are rather
bad characters that can break one or another part of the code.


-- 
guy@albertelli.com          BM: n^20 t20 z20 qS 
Guy Albertelli -7-7-4-  O-
    Having control over myself is nearly as good as having control
    over others.
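
The following is an added example, not part of the original message and not LON-CAPA code. It builds the same kind of `&foldername=` URL with and without escaping and parses it back, to show which titles survive the round trip. `escape_component` is a hypothetical stand-in for `&Apache::lonnet::escape()`, and the base URL, the parser and the folder titles are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for &Apache::lonnet::escape(): percent-encode every
# character that is not an unreserved URL character (ASCII input assumed).
sub escape_component {
    my ($str) = @_;
    $str =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord($1))/ge;
    return $str;
}

# Minimal query-string parser, standing in for the handler that receives
# the URL: split on '&' and '=', then undo '+' and %XX encoding.
sub parse_query {
    my ($url) = @_;
    my (undef, $query) = split(/\?/, $url, 2);
    my %param;
    foreach my $pair (split(/&/, defined($query) ? $query : '')) {
        my ($name, $value) = split(/=/, $pair, 2);
        $value = '' unless defined($value);
        $value =~ tr/+/ /;
        $value =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        $param{$name} = $value;
    }
    return \%param;
}

# Constructed folder titles containing the characters named in the message.
my @titles = ('Q&A: week 1', '3+4 = 7', '100%AB $5/unit');
my $base   = '/adm/coursedocs?folderpath=default';   # constructed base URL

foreach my $title (@titles) {
    my $raw  = $base . '&foldername=' . $title;
    my $safe = $base . '&foldername=' . escape_component($title);
    foreach my $case (['unescaped', $raw], ['escaped', $safe]) {
        my ($label, $url) = @$case;
        my $got = parse_query($url);
        # The title must come back byte-for-byte, and the other
        # parameter must be untouched.
        my $ok = ($got->{foldername} eq $title
                  && $got->{folderpath} eq 'default') ? 'ok' : 'BROKEN';
        printf("%-9s %-6s %s\n", $label, $ok, $url);
    }
}
```

Each unescaped URL is reported as BROKEN (the title is cut at `&`, `+` turns into a space, `%AB` is decoded as a byte), while each escaped URL returns the original title unchanged.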