|
mod_python user
python at theorb.net
Tue Jul 6 15:28:37 EDT 2004
Gregory (Grisha) Trubetskoy wrote:
>
> This behaviour is part of mod_python.util.FieldStorage class, which is a
> little convenience tool. Protocol compliance is of little or no
> relevance here, since you're free not to use it and process input data
> using your own code or, for example using Python standard library
> FieldStorage.
>
> Also, if I remember it correctly, most relevant RFC's tend to focus on
> the behaviour of the browser (e.g. the user should be warned before a
> POST if you hit reload, but not for GET), and there is nothing there
> about how the form variables should appear to an application.
>
> As to why it processes GET and POST together and GET wins - that's a
> matter of personal preference. I find it convenient to be able to
> override variables in a form by appending them to the URL, and I think
> most user-friendly applications should behave this way, because IMHO
> ability to tinker with the URL is a good thing.
>
Thanks to all for their thoughtful responses.
It seems thoroughly broken to me.
If I define query_vars = [('name', [])] and then print(self.name) I am
looking at the query variable AND the form variable. Both form_vars and
query_vars seem to pick up the other's values when the key names are the
same. If I'm looking for query info I definitely don't want form data
supplied to me.
I'm very strongly of the opinion that they should not be intermixed and
would consider this behavior to be a bug.
Not a rant or flame, just my personal opinion.
Thanks,
Mike Wright
> Some people believe that this should not be allowed because it enables a
> user to alter hidden POST variables, which would otherwise be difficult,
> but this seems to me like a silly argument. There are much more certain
> ways of ensuring that hidden variables have not been modified, e.g. an
> MD5 or SHA signature passed along.
>
> Grisha
>
>
> On Mon, 5 Jul 2004, Jorey Bump wrote:
>
>> mod_python user wrote:
>>
>>> Hi all,
>>>
>>> I'm new to python and consequently mod_python but have discovered the
>>> servlet" package, and actually have a small templated webapp up and
>>> running. Extremely powerful language.
>>>
>>> I would like to be able to retrieve both _form_ and _query_
>>> variables, even if they share the same name. e.g.
>>>
>>> <form method='post' action='/?name=NAME_ONE'>
>>> <input type='hidden' name='name' value='NAME_TWO' />
>>> <input type='submit' />
>>> </form>
>>>
>>> It seems that when both a GET and POST variable share the same name
>>> that the GET (query) variable always wins.
>>>
>>> Does anybody know how this might be accomplished?
>>
>>
>> I don't know about servlets, but mod_publisher returns a list:
>>
>> ['NAME_ONE', 'NAME_TWO']
>>
>> I don't know what causes this behaviour. Since only a POST request is
>> sent, not a GET, I would expect any arguments in the URL to be ignored
>> and only variables in the message body to be recognized.
>>
>> I'd find out if this follows some kind of standard before relying on
>> the order the values appear in a list. It could be arbitrary or
>> undocumented (and therefore unpredictable).
>> _______________________________________________
>> Mod_python mailing list
>> Mod_python at modpython.org
>> http://mailman.modpython.org/mailman/listinfo/mod_python
>>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
>
>
|