Dylan Reinhardt wrote:
<dtml-if form_submitted> <dtml-var "my_report_maker(REQUEST)"> <dtml-else> <form method=post action=my_report> <input type=hidden name=form_submitted value=1> <input type=hidden name=UID value=<dtml-var UID>> <input type=hidden name=skin value=<dtml-var skin>>
Those last two lines should read: <input type="hidden" name="UID" value="&dtml-UID;" /> <input type="hidden" name="skin" value="&dtml-skin;" /> When giving examples, I find it best to refrain from introducting blatant cross site scripting holes. -- Jamie Heilman http://audible.transient.net/~jamie/ "You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked you better when you weren't saying squat kid." -Buddy