> That makes sense. Thanks. And then it raises another concern: when in the
> normal form situation, is it possible a user forges an HTTP POST without
> several fields, in order to bypass the IS_NOT_EMPTY() or whatever validator?
> Is this a security vulnerability?
>
No, because the forged pos
That's the security part of using forms: Web2py doesn't count on what
is coming in the request to make a form and validate.
It counts on your field definitions in form creation time. That's why
we have the fields argument in SQLFORM and in SQLFORM.factory.
When no field is explicitly passed, all f
On Thursday, June 27, 2013 8:52:14 PM UTC+8, Anthony wrote:
>
> On Thursday, June 27, 2013 8:39:23 AM UTC-4, Ray (a.k.a. Iceberg) wrote:
>
>> Thanks for trying to help. But sorry I don't understand how your theory
>> can explain why the 2nd case in my example works and 3rd case didn't.
>>
>
> The
On Thursday, June 27, 2013 8:39:23 AM UTC-4, Ray (a.k.a. Iceberg) wrote:
> Thanks for trying to help. But sorry I don't understand how your theory
> can explain why the 2nd case in my example works and 3rd case didn't.
>
The second case is equivalent to a form including both fields but the user
Thanks for trying to help. But sorry I don't understand how your theory can
explain why the 2nd case in my example works and 3rd case didn't.
On Thursday, June 27, 2013 7:45:48 PM UTC+8, viniciusban wrote:
>
> I think this is expected, because the field.requires property exists
> to be executed
I think this is expected, because the field.requires property exists
to be executed in forms and validate_and_insert() only simulates this
behaviour.
On Thu, Jun 27, 2013 at 7:30 AM, Ray (a.k.a. Iceberg) wrote:
> Hi community,
>
> I'm working with web2py, again. :-)
>
> It took me hours today to
Hi community,
I'm working with web2py, again. :-)
It took me hours today to realize validate_and_insert(field1=value1,
field3=value3, ...) only works for the fields that appear, but not for those
absent. Is this an expected behavior or is it considered a bug?
See example.
# -*- coding: utf-8 -*-
d