26 Mar
2001
26 Mar
'01
6:02 p.m.
Jan-Frode Myklebust writes:
I'm doing a external method that's supposed to zip-up files selected via LocalFS, and I'm wondering if I can trust the special variables set in a request. Can I trust that f.ex. URL/URLn/URLPATHn are from where the external method was called, and not set by the user via http-headers? We recently discovered a bug in Zope (--> list archives):
a REQUEST parameter named URL lets Zope create a really strange URL. In Zope 2.3, URL<i> and friends are not affected. HTTP Header should not be a problem, as they are prefixed with "HTTP_". Dieter