sending the first message interface

Discussion re sg development. You don't have to be a developer.

Add the sanitizing of the user-typed field

Postby SysKoll » Tue Feb 10, 2004 1:07 am

Josh,

It looks OK to me. You just need to make sure that whatever the user types in the various fields is not too long and is composed only of accepted characters. This means adding a couple of regexp checks in the Perl code of the "send first message" interface.
-- SysKoll
SysKoll
 
Posts: 889
Joined: Thu Aug 28, 2003 9:24 pm

Postby josh » Tue Feb 10, 2004 6:37 am

I *think* this is handled by CGI.pm, which we're using to get the session variables from, and then DBI.pm sanitizes any strings that are destined for the database, because we only use parameterized SQL through it.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm
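
The length and accepted-character checks discussed in the posts above, as an added Perl example (not code from this thread or from the project). The field names, limits and patterns are assumptions. DBI placeholders keep a value out of the SQL text, while a check like this decides whether the value is accepted at all.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical field rules for a "send first message" form: a maximum length
# and an allowlist pattern. \A and \z anchor the whole string; ^ and $ would
# let a trailing newline through.
my %RULES = (
    recipient => { max => 64,   re => qr/\A[A-Za-z0-9._-]+\z/ },
    subject   => { max => 120,  re => qr/\A[\x20-\x7E]+\z/ },
    body      => { max => 2000, re => qr/\A[\x20-\x7E\r\n\t]+\z/ },
);

# Returns (\%clean, \@errors). A field reaches %clean only if it is present,
# within its length limit, and made up solely of accepted characters.
sub validate_fields {
    my ($input) = @_;
    my (%clean, @errors);
    for my $name (sort keys %RULES) {
        my $value = $input->{$name};
        my $rule  = $RULES{$name};
        if (!defined $value || $value eq '') {
            push @errors, "$name: missing";
        } elsif (length($value) > $rule->{max}) {
            push @errors, "$name: longer than $rule->{max} characters";
        } elsif ($value !~ $rule->{re}) {
            push @errors, "$name: contains characters that are not accepted";
        } else {
            $clean{$name} = $value;
        }
    }
    return (\%clean, \@errors);
}

# Constructed sample submissions, standing in for values read with
# CGI.pm's param().
my @samples = (
    { recipient => 'sys.koll', subject => 'Hello', body => "First message.\n" },
    { recipient => "josh\n", subject => 'x' x 500, body => "bad \x00 byte" },
);

for my $form (@samples) {
    my ($clean, $errors) = validate_fields($form);
    if (@$errors) {
        print "rejected: $_\n" for @$errors;
    } else {
        # Only now would the values go to a parameterized DBI statement.
        print "accepted: ", join(', ', sort keys %$clean), "\n";
    }
}
```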

Postby josh » Tue Feb 10, 2004 7:17 am

the deed is done...
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Translations broken

Postby SysKoll » Tue Feb 10, 2004 4:14 pm

Josh,

The templates in non-EN languages are broken. This is probably because the dialog names changed (addresslink instead of addresspopup for example).

We should either do a search-and-replace on the dialogs you changed in the latest rev, or send an email to all translators immediately.

Meanwhile, 12,000 people are going to complain that their "show my address" link in the non-US advanced mode is not working.
-- SysKoll
SysKoll
 
Posts: 889
Joined: Thu Aug 28, 2003 9:24 pm

Postby josh » Tue Feb 10, 2004 10:43 pm

the templates are fixed... :)
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm
