[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
[mv] passing variable to a result page
****** message to minivend-users from "Chen Naor" <chennaor@netvision.net.il> ******
Hi,
I have an hard coded link that goes like this:
<TR><TD><A HREF="[area her=scan
arg=|
sp=results_p2
se=CATE
sf=category
tf=sort
bs=1
su=1
ml=4
|]" > <B>CATEGORY1</B></A></TD></TR>
This works perfectly, but I also need access to the se (mv_searchspec)
itself in my page in order to include a file which makes part of the result
page. This include is dependant on the se value as I have multiple html
files named by category (CATA, CATB, etc...). And it'll be something like:
[include file="./include/[the-category-name]"]
When I access the mv_searchspec value by using:
[seti cat_name][value-extended name="mv_searchspec" index=0][/seti]
and then [scratch cat_name] I get the variable but I have prepended to it:
(?:^|\ )
1) How do I get rid of the prepended chars?
2) Will the value be sanitized to prevent using the like of
./../../../etc/passwd in the parameter for reading local files?
3) Does the include tag sanitizes the parameters before calling it? I
understand that file does it if NoAbsolute is set to yes, but does include
does the same? If I want to leave NoAbsolute as default if there a way to
manually sanitize the parameters?
Chen.
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
