[cgiapp] Re: passing in a param from another runmode

Mark Stosberg mark at summersault.com
Thu May 8 09:39:26 EDT 2008


> > I have a runmode that goes back to "home" when finished:
> >
> >  $self->home;
> >
> >  I would like to send a flag back to "home" (0 for bad and 1 for good) so  a
> > param in home can be set.
> 
> >From the runmode (method) you want to return back to home from, just
> return the output of the home method, like "return
> $self->home($err_code);" (assuming the home method does a
> $tmpl_obj->output().).
> 
> The next problem is if you want the URL of the resulting page to look
> like the user is on the home page (in case they bookmark it). If so,
> you have to set the header_type to redirect (from the runmode (method)
> you want to return to home) to cause the home runmode to be invoked.
> If you want to pass a value, it would have to be on the URL as a
> parameter, or kept as part of the session information for that
> visitor, or stuffed in a cookie.

After trying different variations, I agree with Mark Fuller here, that passing values
through the URL or session is the best way to go.  Benefits include:

- The result is bookmarkable.
- The target page is easier to test, because  you can go directly to that state with a GET,
  rather than first going through the other page.

I do recommend only passing boolean flags to note that you've changed state:

 index?update_success_p=1

This keeps you in total control of the resulting output, while passing anything that then
gets displayed back as HTML is opening you up for an XSS attack.

    Mark

-- 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . 
   Mark Stosberg            Principal Developer  
   mark at summersault.com     Summersault, LLC     
   765-939-9301 ext 202     database driven websites
 . . . . . http://www.summersault.com/ . . . . . . . .




More information about the cgiapp mailing list