I wonder if the following behaviour of cgi.rb is deliberate?
If I have a cgi radio_button element like:
cgi.radio_button("radioname")
where the radio button is unchecked, then I post into the cgi form a name value pair for radioname like:
radioname=something
and get:
<INPUT TYPE="radio NAME="radioname">
for output...
it seems to me that the cgi.rb should print out the value attribute of "somthing" in the html output instead of just printing the prior state of the form.
something like:
<INPUT TYPE="radio" NAME="radioname" VALUE="something">
instead of just:
<INPUT TYPE="radio NAME="radioname">
Am I missing something here?
Why wont cgi.rb capture the state of values posted into it?
Thanks,
-Cere
Cere Davis wrote:
I wonder if the following behaviour of cgi.rb is deliberate?
If I have a cgi radio_button element like:
cgi.radio_button("radioname")
Check the documentation at:
RDoc Documentation
for the API of the CGI module.
Direct link:
http://www.ruby-doc.org/stdlib/libdoc/cgi/rdoc/classes/CGI/HtmlExtension.html#M000044
where the radio button is unchecked, then I post into the cgi form a name value pair for radioname like:
radioname=something
and get:
<INPUT TYPE="radio NAME="radioname">
for output...
it seems to me that the cgi.rb should print out the value attribute of "somthing" in the html output instead of just printing the prior state of the form.
You are asking the CGI module to automatically retain the selected value attribute passed as a parameter into the new form? Why should it? It may be a completely different form, where the name has other semantics.
The CGI API requires the selected value to be explicitly given, which is the correct and safe way to do it. (Your suggestion reminded me of PHP and the automatically mapping to globals variables it used to have.)
Why wont cgi.rb capture the state of values posted into it?
Yes it does, as you may retrieve them from the CGI instance. But it does not assume that the form you generate using it is the same form your input values came from. That is plain dangerous regarding cross-site scripting and other nefarious activities people abusing your system would just love.
However, there is nothing stopping you from writing your own modifications to the cgi module doing what you want. (I.e. all default values are taken from the input parameters if nil.) But please understand that this means that _default_ values in your form may be from external sources and thus dangerous!
···
--
(\[ Kent Dahl ]/)_ _~_ _____[ Kent Dahl - Kent Dahl ]_____/~
))\_student_/(( \__d L b__/ Master of Science in Technology )
( \__\_õ|õ_/__/ ) _) Industrial economics and technology management (
\____/_ö_\____/ (____engineering.discipline_=_Computer::Technology___)
Ah, I think I understand your point here. And there is any easy way to make the form fields represent what is being posted in.
This is not so easy for checkboxes and radio buttons though. It seems that in the case where a users wants this type of behavior
there should be some kind of option to at least allow the checkboxes to show up as checked if the attribute value is true.
You are asking the CGI module to automatically retain the selected value attribute passed as a parameter into the new form? Why should it? It may be a completely different form, where the name has other semantics.
The CGI API requires the selected value to be explicitly given, which is the correct and safe way to do it. (Your suggestion reminded me of PHP and the automatically mapping to globals variables it used to have.)
>> However, there is nothing stopping you from writing your own modifications to the cgi module doing what you want. (I.e. all default values are taken from the input parameters if nil.) But please understand that this means that _default_ values in your form may be from external sources and thus dangerous!
I don't think there is anything inherently dangerous about making a forms physical appearence update to represent the values that are posted in as long as no javascript type action is taken on valus submitted to the form by default. It what you do with those values afterwards that matters.
Actually, I am working on this but but I am new to this and am trying figuring out how to override a function in the cgi library at the moment....
I have a thing like:
class CGI
def checkbox((name = "", value = nil, checked = nil)
....stuff in place of the default behavior of cgi.rb checkbox
end
end
But my code doesn't seem to recognize this overriden function. Does anyone know how I can override functions like this?
Thanks,
-Cere
Cere Davis wrote:
Actually, I am working on this but but I am new to this and am trying figuring out how to override a function in the cgi library at the moment....
I have a thing like:
class CGI
def checkbox((name = "", value = nil, checked = nil)
....stuff in place of the default behavior of cgi.rb checkbox
end
end
But my code doesn't seem to recognize this overriden function. Does anyone know how I can override functions like this?
If this is in a script run by mod_ruby or eruby, then it may be that you are actually creating a different CGI class in a anonymous module.
On the other hand, if its run like a regular CGI script, I don't think this should be a problem.
Have you tried inheriting from the CGI class instead?
class MyCGI < CGI
def checkbox # etc
end
end
Another option is to put your method definitions in a module and extending your actual CGI object dynamically...
module MyCGIExt
def checkbox # etc
end
end
cgi = CGI.new
cgi.extend MyCGIExt
These last two should work properly in a mod_ruby/eruby environment, AFAIK. HTH.
···
--
(\[ Kent Dahl ]/)_ _~_ _____[ Kent Dahl - Kent Dahl ]_____/~
))\_student_/(( \__d L b__/ Master of Science in Technology )
( \__\_õ|õ_/__/ ) _) Industrial economics and technology management (
\____/_ö_\____/ (____engineering.discipline_=_Computer::Technology___)