XOOPSCubeLegacy

Value Methodology Overview

In web programming, developers have to handle values correctly to prevent security holes that originate in HTML. To that end, XOOPS Cube's policy is that program source code handles raw values, which are not escaped, and that template files escape these values with modifiers. This policy is called the "Raw Value Policy".

However, under XOOPS Cube Legacy this policy is not applied perfectly, because XOOPS 2.0.x does not have a uniform policy for handling values. Developers therefore have to be aware of the following exceptions.


adminmenu

Adminmenu is an array that contains the submenu of the control panel. $adminmenu['link'] holds a URL string, but XOOPS 2.0.x does not escape this value. Developers therefore handle these values as escaped values, that is, they write the link already escaped.


// Escaped value: the "&" separator is written as "&amp;".
$adminmenu['link'] = "./index.php?action=Edit&amp;mode=new";

However, you can supply unescaped values (raw values) by clearly marking them with 'escaped' set to false.


$adminmenu[0]['link'] = "./index.php?action=Edit&mode=new";
$adminmenu[0]['escaped'] = false;

This usage is implemented by the templates. Therefore, when you write override templates, your templates have to implement it as well.
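One way an override renderer can honor the flag, as an added example that is not XOOPS Cube Legacy's own code. The helper names adminmenu_link_for_html and render_adminmenu, the "menu N" link text and the sample entries are hypothetical. A link is escaped on output only when 'escaped' is present and false; otherwise it is treated as already escaped.

```php
<?php
// Added example: hypothetical helpers, not part of XOOPS Cube Legacy.

/**
 * Return a submenu link that can be placed inside an href="..." attribute.
 */
function adminmenu_link_for_html(array $item): string
{
    $link = isset($item['link']) ? (string)$item['link'] : '';

    // Raw value: the module set 'escaped' to false (any falsy value is
    // treated the same way, so a mistyped flag fails toward escaping).
    $isRaw = array_key_exists('escaped', $item) && !$item['escaped'];
    if ($isRaw) {
        return htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
    }

    // Legacy XOOPS 2.0.x convention: the module wrote the link already
    // escaped. Escaping it again would turn "&amp;" into "&amp;amp;".
    return $link;
}

/**
 * Render the whole submenu as an HTML list.
 */
function render_adminmenu(array $adminmenu): string
{
    $html = "<ul>\n";
    foreach (array_values($adminmenu) as $i => $item) {
        $href = adminmenu_link_for_html($item);
        $html .= sprintf("  <li><a href=\"%s\">menu %d</a></li>\n", $href, $i);
    }
    return $html . "</ul>\n";
}

// Constructed sample input: one legacy entry and one raw entry.
$adminmenu = [];
$adminmenu[0]['link'] = "./index.php?action=Edit&amp;mode=new"; // pre-escaped
$adminmenu[1]['link'] = "./index.php?action=Edit&mode=new";     // raw
$adminmenu[1]['escaped'] = false;

echo render_adminmenu($adminmenu);
```

Both entries end up with the same href in the generated HTML. An entry without the flag is emitted as written, so a module that omits the flag remains responsible for escaping its own link.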


Princeps date: 2007-02-19 (Mon) 23:13:53
Last-modified: 2007-02-20 (Tue) 11:03:11 (JST) (4317d) by minahito
