[ic] perl code in mv_check gets executed despite verification
failure
Ed LaFrance
interchange-users@icdevgroup.org
Thu Feb 20 11:52:01 2003
At 10:51 AM 02/20/2003 +0000, you wrote:
>Ed LaFrance wrote:
>
>>
>>mv_check execution is not predicated on all form checks passing
>>successfully; mv_check gets parsed after IC data structures are updated
>>by the from submission, that is all. Your explanation above does not
>>clearly explain how you expect to conditionally parse the mv_check
>>target. As is always the case with Interchange, there are many ways. For
>>instance, you could use &success=somepage to pass execution through
>>somepage.html if the form passes all checks, and execute your code there.
>>
>>- Ed L.
>Problem with that is that people would be able to get at somepage.html and
>execute the code anyway:(
>
>thanks for the help
>
>John
That can be prevented; for instance:
[set yourprofile]
...
&success=../special_pages/somepage.html
[/set]
..AFAIK it is not possible to get a page from the special_pages dir by
constructing a simple URL with no query strings, so that would prevent
people from arbitrarily hitting it. To stop someone who might be inclined
to send a form via a query string to get at it, you can just use &calc to
set a flag in the profile to show that execution was sent to the special
page from the proper method:
[set yourprofile]
&calc = delete $CGI->{ok_to_parse}; 1; # can't hurt, I would think
...
&success=../special_pages/somepage.html
&calc = $CGI->{ok_to_parse} = '1';
[/set]
...then on special_pages/somepage.html
[if cgi ok_to_parse]
# do stuff
[else]
# hey, get lost!
[bounce page=index]
[/else]
[/if]
- Ed L.
===============================================================
New Media E.M.S. Technology Solutions for Business
463 Main St., Suite D eCommerce | Consulting | Hosting
Placerville, CA 95667 edl@newmediaems.com
(530) 622-9421 http://www.newmediaems.com
(866) 519-4680 Toll-Free (530) 622-9426 Fax
===============================================================