request.raw_args is just the part of the URL string that comes after the
app/controller/function before web2py parses it into a list (and replaces
some characters with underscores). It doesn't distinguish between parts of
a URL that were generated programmatically and included in a link vs. a URL
that was manually entered by a user. Once the server receives a request for
a URL, it has no way of knowing whether the URL came from a link or was
manually entered. If you want to ensure a given request came from a link
with a URL that was not manipulated, you will have to digitally sign the
URL. Alternatively, you should just put the appropriate access controls in
place.
Anthony
On Wednesday, February 4, 2015 at 11:31:16 AM UTC-5, Alex Glaros wrote:
>
> @Richard - for some reason request.args doesn't work
>
> @Joe - found raw_args by trying to follow Richard's advice about session
> args - as a beginner didn't know where to find, so combed through
> {{=response.toolbar}} and saw the correct arg within raw_args. Maybe
> Massimo can tell us if it raw_args will remain reliable in the future
>
> Appreciate Richard's help - filled many gaps in my knowledge!
>
> Alex
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
