XOOPSCubeLegacy/Reference/ValueMethodologyOverview :: Web Application Platform

Value Methodology Overview

In web programming, developers have to handle values correctly to prevent security holes that originate from HTML. To that end, XOOPS Cube has a policy of handling raw values, which are not escaped, in program source code, and of escaping these values with modifiers in template files. This policy is called the "Raw Value Policy".

However, under XOOPS Cube Legacy this policy is not applied perfectly, because XOOPS 2.0.x does not have a uniform policy for handling values. Developers therefore have to be aware of the following exceptions.

adminmenu

Adminmenu is an array that contains the submenu entries of the control panel. $adminmenu['link'] holds a URL string, but XOOPS 2.0.x does not escape this value. Developers therefore handle these values as already escaped.


// Legacy style: the link is stored already HTML-escaped ("&" written as "&amp;").
$adminmenu[0]['link'] = "./index.php?action=Edit&amp;mode=new";

However, you can supply unescaped values (raw values) with a clear indication of "escaped false".


$adminmenu[0]['link'] = "./index.php?action=Edit&mode=new";
$adminmenu[0]['escaped'] = false;

This convention is implemented by the templates. Therefore, when you write override templates, your templates have to implement it as well.
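
What an override template has to do with each entry, written out in PHP as an added example (not XOOPS Cube code): entries flagged 'escaped' => false are escaped at output time, and unflagged entries are emitted as-is under the XOOPS 2.0.x convention. The function names adminmenu_href() and legacy_link_looks_raw() are hypothetical, and the sample menu is constructed; the second function is a lint check that flags unflagged links that were in fact left raw.

```php
<?php
// Added example: helper names are hypothetical, not XOOPS Cube APIs.

/** Return the link of one $adminmenu entry, ready to place in an href attribute. */
function adminmenu_href(array $item): string
{
    $link = (string)($item['link'] ?? '');
    // Raw Value Policy entry: the module declared the value unescaped, so escape it here.
    if (isset($item['escaped']) && !$item['escaped']) {
        return htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
    }
    // XOOPS 2.0.x convention: the value is assumed to be escaped already; escaping
    // it again would turn "&amp;" into "&amp;amp;" and break the URL.
    return $link;
}

/** Lint check: does an unflagged (legacy) entry contain characters that should have been escaped? */
function legacy_link_looks_raw(array $item): bool
{
    if (isset($item['escaped']) && !$item['escaped']) {
        return false; // raw by declaration, handled by adminmenu_href()
    }
    $link = (string)($item['link'] ?? '');
    // Any of < > " or an "&" that does not start an entity means the value was not escaped.
    $pattern = '/[<>"]|&(?!(?:[a-zA-Z][a-zA-Z0-9]*|#[0-9]+|#x[0-9a-fA-F]+);)/';
    return preg_match($pattern, $link) === 1;
}

// Constructed sample menu (not taken from a real module).
$adminmenu = [
    ['title' => 'New (legacy)', 'link' => './index.php?action=Edit&amp;mode=new'],
    ['title' => 'New (raw)',    'link' => './index.php?action=Edit&mode=new', 'escaped' => false],
    ['title' => 'Mislabelled',  'link' => './index.php?action=Edit&mode=new'],
];

foreach ($adminmenu as $item) {
    printf(
        "<a href=\"%s\">%s</a>%s\n",
        adminmenu_href($item),
        htmlspecialchars($item['title'], ENT_QUOTES, 'UTF-8'),
        legacy_link_looks_raw($item) ? ' <!-- warning: legacy link is not escaped -->' : ''
    );
}
```

The first two entries produce the same href; only the third, a raw link without the flag, is reported by the lint check.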


Last-modified: 2007-02-20 (Tue) 11:03:11 (JST) (4720d) by minahito