[TYPO3-project-4-3] admin panel - why are the form options duplicated?

Martin Kutschker masi-no at spam-typo3.org
Tue Jul 7 08:45:08 CEST 2009


Jigal van Hemert wrote:
> Hi Masi,
> 
> Martin Kutschker wrote:
>> This would not be a problem if the code would check the expected form
>> fields and not the ones sent. So any field not present means "not set".
> 
> With more complicated forms and interaction on the client side (AJAX,
> DOM manipulation) it can become rather difficult for the script that
> handles the submitted data to know what to expect.

It is a must for the server-side to know what to expect. Accepting any
values a client submits is a security risk. Granted, in this case I
don't see any, but you know what I mean.

> The behaviour of checkboxes is rather odd; they can be checked, not
> checked or disabled. In the latter two cases they should not be sent to
> the server (they are not 'successful'). In case a checkbox is cleared
> the value should be unset, but in the case that a checkbox is disabled
> (e.g. by a piece of JavaScript) the value should not be changed. How can
> you tell the difference?

You're right, but in the case of the admin panel, which (currently)
always displays all options, there is no difference between not-set and
value=0.

Masi
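
The server-side approach argued for in this message, as an added example (not part of the original post and not TYPO3 code). The field names and the helper `normalizeCheckboxes` are hypothetical, and the "locked" flag assumes the server itself decides which checkboxes may change.

```php
<?php
// Added example: hypothetical field names and helper, not TYPO3 code.

/**
 * Build the new settings from the server's own list of expected checkboxes.
 *
 * $expected:  field name => true if the server rendered it editable,
 *             false if the server rendered it locked (value must not change).
 * $submitted: raw request data, untrusted.
 * $stored:    values currently saved on the server.
 */
function normalizeCheckboxes(array $expected, array $submitted, array $stored): array
{
    $result = [];
    foreach ($expected as $name => $editable) {
        if (!$editable) {
            // Locked by the server: keep the stored value, ignore the client.
            $result[$name] = (int)($stored[$name] ?? 0);
            continue;
        }
        // Unchecked checkboxes are never sent, so "absent" means "not set".
        // Only the exact string "1" counts as checked; arrays or other
        // values submitted under this name are treated as not set.
        $value = $submitted[$name] ?? null;
        $result[$name] = ($value === '1') ? 1 : 0;
    }
    // Keys in $submitted that are not in $expected are never read.
    return $result;
}

// Constructed sample data.
$expected  = ['show_info' => true, 'show_cache' => true, 'show_publish' => false];
$stored    = ['show_info' => 1, 'show_cache' => 1, 'show_publish' => 1];
// show_cache is absent (unchecked), show_publish is locked but sent anyway,
// and is_admin is a field the server never offered.
$submitted = ['show_info' => '1', 'show_publish' => '0', 'is_admin' => '1'];

var_export(normalizeCheckboxes($expected, $submitted, $stored));
```

Because the loop runs over the server's list and not over the request, a checkbox disabled only on the client side is indistinguishable from an unchecked one; the stored value is preserved only for fields the server marked as locked.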
