[Zope] (no subject)
Jay, Dylan
djay@lucent.com
Wed, 14 Apr 1999 11:22:44 +1000
I am trying to update my database using URL traversal. I'm pretty sure I
need to give proxy permission in order to update the database; however,
there seems to be no way to do this. E.g.,
I am using a URL like this:
http://provision.auslabs.lucent.com/cgi-bin/provision.exe/Download/qryCompleteReg/MagicNumber/60330800/completeReg
where qryCompleteReg is
UPDATE users
SET roles = 'Customer'
WHERE username =
( SELECT unregUsers.username
FROM unregUsers
WHERE MagicNumber = <!--#sqlvar MagicNumber type=string-->
)
<!--#var sql_delimiter-->
SELECT users.username, fullName, email
FROM users, unregUsers
WHERE MagicNumber = <!--#sqlvar MagicNumber type=string--> AND
unregUsers.username = users.username
<!--#var sql_delimiter-->
DELETE
FROM unregUsers
WHERE MagicNumber = <!--#sqlvar MagicNumber type=string-->
Testing this sql_method using the manage interface works perfectly, but when
I use it from the URL above it seems to work; however, it doesn't actually do the
UPDATE or DELETE (the SELECT works, however).
Is there something I'm missing, or is there a bug?