XOOPSCubeLegacy​/Reference​/ValueMethodologyOverview :: Web Application Platform



Value Methodology Overview

In web programming, developers have to handle values correctly to prevent security holes that arise from HTML. To that end, XOOPS Cube's policy is that program source code handles raw values, which are not escaped, and template files escape these values with modifiers. This policy is called the "Raw Value Policy".

Under XOOPS Cube Legacy, however, this policy is not perfect, because XOOPS 2.0.x has no uniform policy for handling values. Developers therefore have to be aware of the following exceptions.

adminmenu

Adminmenu is an array that contains the submenu entries of the control panel. $adminmenu['link'] holds a URL string, but XOOPS 2.0.x does not escape this value. Developers therefore handle it as an already escaped value.

$adminmenu[0]['link'] = "./index.php?action=Edit&amp;mode=new";

However, you can use unescaped values (raw values) by clearly marking the entry with "escaped" set to false.

$adminmenu[0]['link'] = "./index.php?action=Edit&mode=new";
$adminmenu[0]['escaped'] = false;

This convention is implemented by the templates. Therefore, when you write override templates, your templates have to implement it as well.
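
The following is an added example, not XOOPS Cube's own template code. It sketches in PHP the decision an override template has to make for each entry: escape the link exactly once when "escaped" is false, and emit it unchanged otherwise. The helper name adminmenu_href and the sample entries are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not part of XOOPS Cube Legacy.

/**
 * Return $item['link'] in a form that is safe to place inside href="...".
 *
 * - 'escaped' absent or true: XOOPS 2.0.x convention, the module author
 *   already escaped the value, so escaping again would yield "&amp;amp;".
 * - 'escaped' set to false: the value is raw and is escaped here.
 */
function adminmenu_href(array $item): string
{
    $link = (string) ($item['link'] ?? '');
    $alreadyEscaped = $item['escaped'] ?? true;

    if (!$alreadyEscaped) {
        // Raw value: ENT_QUOTES also covers quotes inside the attribute.
        return htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
    }
    return $link;
}

// Constructed sample entries covering both conventions from this page.
$adminmenu = [];
$adminmenu[0]['link'] = "./index.php?action=Edit&amp;mode=new"; // pre-escaped
$adminmenu[1]['link'] = "./index.php?action=Edit&mode=new";     // raw
$adminmenu[1]['escaped'] = false;
$adminmenu[2]['link'] = './index.php?action=Edit&name=a"b';     // raw, with a quote
$adminmenu[2]['escaped'] = false;

foreach ($adminmenu as $i => $item) {
    echo '<li><a href="' . adminmenu_href($item) . '">item ' . $i . "</a></li>\n";
}

// Both conventions must end up as the same markup for the same URL.
$same = adminmenu_href($adminmenu[0]) === adminmenu_href($adminmenu[1]);
echo $same ? "entries 0 and 1 render identically\n" : "mismatch\n";
```

An override template that ignores the flag prints raw links unescaped, and one that escapes every link double-escapes the entries written in the XOOPS 2.0.x style.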

Last-modified: 2007-02-20 (Tue) 11:03:11 (JST) (4919d) by minahito