[TYPO3-english] Passing/Assigning/Inserting $GET GPvar to TS Form
Scotty C
superscotty19 at yahoo.com
Tue Apr 7 04:02:12 CEST 2015
Hi Jan,
OK, here's my modified code:
page.10 = FORM
page.10 {
  data.cObject = COA
  data.cObject {
    # GOAL: output "Test value: | test_value=label | <_GET['test']>"
    # First we generate the static part of the string.
    10 = TEXT
    10.value = Test Value: | test_value=label |
    # Then we collect the data from DB
    20 = TEXT
    20.data = GP : test
    20.removeBadHTML = 1
  }
  dataArray {
    10.label = Name:
    10.type = name=input
    20.label = Nachricht:
    20.type = nachricht=textarea,40,10
    100.type = submit=submit
    100.value = Submit!
  } # end dataArray
  recipient = test at test.com
  layout = <div class="some-class">###LABEL### ###FIELD###</div>
}
Thanks!
-S.
From: Jan Bartels <j.bartels at arcor.de>
To: typo3-english at lists.typo3.org
Sent: Saturday, April 4, 2015 6:03 AM
Subject: Re: [TYPO3-english] Passing/Assigning/Inserting $GET GPvar to TS Form
On 02.04.2015 at 10:23, bernd wilke wrote:
> On 02.04.15 at 01:07, Scotty C wrote:
>> I know that if I have
>> PHP: $GET['test'] = "hello"
>> ...and
>> page.10 = TEXT
>> page.10.data = GP : temp_name
>> ... then output will be "hello"
>
> 30.value.data = GP:test
> or
> 30.value.cObject = TEXT
> 30.value.cObject.data = GP:test
> or
> 30.value = {GP:test}
> 30.value.insertData = 1
All of these solutions will produce XSS-security problems because an
insecure user-input as the URL-parameter 'test' is directly used in the
output. Use something like removeBadHTML on stdWrap.
http://docs.typo3.org/typo3cms/TyposcriptReference/singlehtml/
Jan