I will take a patch to fix this.

On Tuesday, 20 November 2012 07:00:37 UTC-6, jc wrote:
> You are correct of course, but to quote the book:
>
> "web2py includes two distinct URL rewrite systems: an easy-to-use
> parameter-based system for most use cases, and a flexible pattern-based
> system for more complex cases."
>
> You have to use the pattern based system to avoid the vulnerability, and I
> bet most people don't.
>
> Anyway, thanks for your work-around. Prompted by Jonathan I will look into
> using the pattern based system and remove the temporary fix.