Assign all POST and/or GET values of variables to template
andre
Posted: Fri Oct 10, 2003 9:26 am

To avoid CSS (cross-site scripting) attacks I am using a very dirty trick ;-)
(Trick 17 with sneaking up :D):

The superglobals $_POST, $_GET, $_COOKIE, $_FILE and $_REQUEST can be changed by PHP. So I have a small function that checks all of them for suspicious code and strips unwanted (CSS) tags out.
The developers are discouraged from using $_POST, $_GET directly. But if they do, they still won't make the whole system too insecure.
The script itself is stolen from PostNuke (www.postnuke.com) and works quite well.
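A sketch of the kind of request filter andre describes, added here as an example; it is not his script and not PostNuke code (neither is shown in the thread). The helper name `sanitize_request_value` and the sample request values are constructed for illustration. The last lines show that tag stripping on input still leaves quotes and ampersands to be escaped at output.

```php
<?php
// Added illustration: sanitize_request_value() is a hypothetical helper name.

/**
 * Recursively strip markup and NUL bytes from a request value.
 * Parameters such as a[b][]=x arrive as nested arrays, so both keys and
 * values are walked instead of assuming a flat list of strings.
 */
function sanitize_request_value($value)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            $clean[sanitize_request_value((string) $key)] = sanitize_request_value($item);
        }
        return $clean;
    }
    if (!is_string($value)) {
        return $value;
    }
    return strip_tags(str_replace("\0", '', $value));
}

// Constructed sample input standing in for a real request.
$_GET  = array('q' => '<b>smarty</b><script>alert(1)</script>');
$_POST = array(
    'tags'  => array('<i>php</i>', 'plain'),
    'title' => 'say "hi" & <u>bye</u>',
);

// Overwrite the superglobals in place so code that reads them directly
// later in the request sees the filtered data. $_REQUEST is a separate
// copy of the request data, so it is filtered as well.
$_GET     = sanitize_request_value($_GET);
$_POST    = sanitize_request_value($_POST);
$_COOKIE  = sanitize_request_value($_COOKIE);
$_REQUEST = sanitize_request_value($_REQUEST);

// strip_tags() removes tags but leaves quotes and ampersands untouched,
// so the value still has to be escaped for the context it is printed in.
echo $_GET['q'], "\n";
echo htmlspecialchars($_POST['title'], ENT_QUOTES, 'UTF-8'), "\n";
```

In a Smarty template the matching output step is the `escape` modifier, for example `{$smarty.post.title|escape:'html'}`.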
moenm
Posted: Thu Nov 13, 2003 7:31 pm    Post subject: No need to write any code

From the docs

http://smarty.php.net/manual/en/language.variables.smarty.request.php

The request information is already available in your templates.

Have fun.
pt2002
Posted: Mon May 24, 2004 11:30 am

Hello

Is it possible to use this function (bulk_assign) with plugins like html_select_date, html_select_time, html_options, html_checkboxes?

TIA

Greetings
pt2002
alexkkk
Posted: Sat Dec 08, 2007 4:06 pm    Post subject: small problem with php get and post

I am not able to assign or check get and post variables.


Register global is on

post1, message are form variables
If I try to check

if ($post1=="Posted")

$post1 contains "Posted"

But I am not getting this as true




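<?php
// $post1, $title, $messageintro and $message are never assigned in this script;
// they exist only because register_globals copies the form fields into globals.
echo $post1;
echo $message;

// Connect using the legacy mysql_* extension (removed in PHP 7).
$sql = mysql_connect($config['mysql_host'], $config['mysql_user'], $config['mysql_pass']);
mysql_select_db($config['mysql_name'], $sql);

if ($post1 == "Posted")
{
    $articleAuthor = ucwords(trim($_SESSION['auth']['username']));
    // addslashes() is the only escaping applied before the values are
    // interpolated into the SQL string below.
    $articleTitle = addslashes(trim($title));
    $articleMessageIntro = addslashes(nl2br(trim($messageintro)));
    $articleMessage = addslashes(nl2br(trim($message)));
    $articlePostDate = date("l, F jS, Y \a\\t h:i:s A");
    mysql_query("INSERT INTO news (subject, poster, intro, message, date) VALUES ('{$articleTitle}', '{$articleAuthor}', '{$articleMessageIntro}', '{$articleMessage}', '{$articlePostDate}')");

    // Redirect after the insert.
    header('Location: jj');
}

mysql_close($sql);

?>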
All times are GMT