[Zope] Can I trust the variables?
Jan-Frode Myklebust
janfrode@parallab.uib.no
Tue, 27 Mar 2001 08:59:17 +0200
On Mon, Mar 26, 2001 at 08:02:12PM +0200, Dieter Maurer wrote:
> Jan-Frode Myklebust writes:
> > I'm doing a external method that's supposed to zip-up files selected via
> > LocalFS, and I'm wondering if I can trust the special variables set in a
> > request. Can I trust that f.ex. URL/URLn/URLPATHn are from where the external
> > method was called, and not set by the user via http-headers?
> We recently discovered a bug in Zope (--> list archives):
>
> a REQUEST parameter named URL lets Zope create a really
> strange URL.
> In Zope 2.3, URL<i> and friends are not affected.
>
> HTTP Header should not be a problem, as they are prefixed with
> "HTTP_".
>
I'm not sure it I undestood that right.. Where is the URLn variable set? On
the client side, or on the server side after the client has requested an
external method?
-jf