[Zope] Can I trust the variables?

Dieter Maurer dieter@handshake.de
Mon, 26 Mar 2001 20:02:12 +0200 (CEST)


Jan-Frode Myklebust writes:
 > I'm doing an external method that's supposed to zip up files selected via
 > LocalFS, and I'm wondering if I can trust the special variables set in a
 > request. Can I trust that e.g. URL/URLn/URLPATHn are from where the external
 > method was called, and not set by the user via HTTP headers?
We recently discovered a bug in Zope (--> list archives):

  a REQUEST parameter named URL lets Zope create a really
  strange URL.
  In Zope 2.3, URL<i> and friends are not affected.

HTTP headers should not be a problem, as they are prefixed with
"HTTP_".


Dieter
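
The HTTP_ prefixing mentioned in the reply, shown as an added example that is not part of the original message and not Zope's code: a toy model of the CGI naming convention, plus a check for request parameters whose names collide with server-computed ones. The function names, host name and sample request are constructed assumptions; the model does not reproduce Zope's own request lookup.

```python
from urllib.parse import parse_qs

# Values the server sets itself (constructed sample values).
SERVER_SET = {"SERVER_NAME": "zope.example", "SERVER_PORT": "8080",
              "SCRIPT_NAME": "", "PATH_INFO": "/files/zipit"}


def cgi_environ(headers, query_string):
    """Build a CGI-style environment from client headers and a query string."""
    env = dict(SERVER_SET, QUERY_STRING=query_string)
    for name, value in headers.items():
        key = name.upper().replace("-", "_")
        # Content-Type and Content-Length are the only unprefixed headers.
        if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            key = "HTTP_" + key
        env[key] = value
    return env


def server_url(env):
    """URL derived only from server-set variables, never from client input."""
    return "http://%s:%s%s%s" % (env["SERVER_NAME"], env["SERVER_PORT"],
                                 env["SCRIPT_NAME"], env["PATH_INFO"])


def form_params(env):
    """Client-supplied request parameters (first value of each name)."""
    return {k: v[0] for k, v in parse_qs(env["QUERY_STRING"]).items()}


def shadowed_names(env, computed):
    """Request parameter names that collide with server-computed names."""
    return sorted(set(form_params(env)) & set(computed))


if __name__ == "__main__":
    # Constructed request: a header and a parameter both named "URL".
    env = cgi_environ({"URL": "http://client.example/h"},
                      "URL=http://client.example/q&ids=1")
    computed = {"URL": server_url(env)}
    print("header stored as HTTP_URL:", "HTTP_URL" in env, "| as URL:", "URL" in env)
    print("server-derived URL:", computed["URL"])
    print("parameters colliding with computed names:", shadowed_names(env, computed))
```

A header named URL can only ever appear as HTTP_URL, while a request parameter keeps its bare name, so a collision check of this kind applies to parameters rather than headers.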