[LON-CAPA-dev] Re: [LON-CAPA-cvs] cvs: loncom /interface londocs.pm
Guy Albertelli II
lon-capa-dev@mail.lon-capa.org
Fri, 7 Feb 2003 13:10:35 -0500 (EST)
Hi All,

I want to use this commit to reinforce a lesson in programming for
the web.

If you are building a URL, and that URL contains user-provided
information, _Please_ use

    &Apache::lonnet::escape()

on the user-provided data; it will make sure strange characters are
safely passed around.

    if ($isfolder) {
        $url.='&foldername='.
            &Apache::lonnet::escape($foldertitle);
    }
    $line.='<td bgcolor="#FFFFBB"><a href="'.$url.'" target="cat_'.$folder.
        '"><img src="/adm/lonIcons/'.
        $icon.'.gif" border="0"></a></td>'.

I would urge you that whenever there is a field that you can type in
that you put in spaces, $, %, /, : at a minimum. These all are rather
bad characters that can break one or another part of the code.
--
guy@albertelli.com BM: n^20 t20 z20 qS
Guy Albertelli -7-7-4- O-
Having control over myself is nearly as good as having control
over others.
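
The advice in the message above, shown as an added example that is not part of the original message or of LON-CAPA's code: it builds the same kind of `foldername` query parameter with and without escaping and checks whether the value survives parsing. `escape_component` is a hypothetical stand-in for `&Apache::lonnet::escape()`, and `parse_query`, the base URL and the titles are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for &Apache::lonnet::escape() (assumption, not the
# project's code): percent-encode everything outside the unreserved set.
sub escape_component {
    my ($str) = @_;
    $str =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord($1))/ge;
    return $str;
}

# Minimal query-string parser standing in for the receiving handler.
sub parse_query {
    my ($url) = @_;
    my (undef, $query) = split(/\?/, $url, 2);
    my %param;
    foreach my $pair (split(/&/, defined($query) ? $query : '')) {
        my ($name, $value) = split(/=/, $pair, 2);
        $value = '' unless defined($value);
        $value =~ tr/+/ /;                              # '+' means space
        $value =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;  # undo %XX once
        $param{$name} = $value;
    }
    return %param;
}

# Constructed folder titles of the kind a user might type into the field.
my @titles = ('Week 1: $5/day', 'C++ notes', 'Q&A session', 'Unit%20One');

foreach my $title (@titles) {
    my $base = '/adm/coursedocs?folderpath=default';    # hypothetical URL
    my %raw  = parse_query($base.'&foldername='.$title);
    my %safe = parse_query($base.'&foldername='.escape_component($title));

    # A title round-trips only if it comes back unchanged and the other
    # parameter on the URL is still intact.
    my $raw_ok  = ($raw{'foldername'}  eq $title
                   && $raw{'folderpath'}  eq 'default') ? 'ok' : 'BROKEN';
    my $safe_ok = ($safe{'foldername'} eq $title
                   && $safe{'folderpath'} eq 'default') ? 'ok' : 'BROKEN';

    printf("%-18s unescaped: %-7s escaped: %s\n",
           "'$title'", $raw_ok, $safe_ok);
}
```

The parser here is lenient about literal spaces, so the first title passes unescaped in this sketch even though a raw space is not valid inside a URL.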