cgi maintaining state information

C

Cere Davis

I wonder if the following behaviour of cgi.rb is deliberate?

If I have a cgi radio_button element like:

cgi.radio_button("radioname")

where the radio button is unchecked, then I post into the cgi form a
name value pair for radioname like:

radioname=something

and get:

<INPUT TYPE="radio NAME="radioname">

for output...

it seems to me that the cgi.rb should print out the value attribute of
"somthing" in the html output instead of just printing the prior state
of the form.

something like:

<INPUT TYPE="radio" NAME="radioname" VALUE="something">

instead of just:
<INPUT TYPE="radio NAME="radioname">

Am I missing something here?

Why wont cgi.rb capture the state of values posted into it?

Thanks,
-Cere
 
Y

Yukihiro Matsumoto

Hi,

In message "cgi maintaining state information"

|I wonder if the following behaviour of cgi.rb is deliberate?

<Snip>

Show us the code, and expected result from it.

matz.
 
K

Kent Dahl

Cere said:
I wonder if the following behaviour of cgi.rb is deliberate?

If I have a cgi radio_button element like:

cgi.radio_button("radioname")
Click to expand...

Check the documentation at:
http://www.ruby-doc.org/stdlib/
for the API of the CGI module.

Direct link:
http://www.ruby-doc.org/stdlib/libdoc/cgi/rdoc/classes/CGI/HtmlExtension.html#M000044
where the radio button is unchecked, then I post into the cgi form a
name value pair for radioname like:

radioname=something

and get:

<INPUT TYPE="radio NAME="radioname">

for output...

it seems to me that the cgi.rb should print out the value attribute of
"somthing" in the html output instead of just printing the prior state
of the form.
Click to expand...

You are asking the CGI module to automatically retain the selected value
attribute passed as a parameter into the new form? Why should it? It may
be a completely different form, where the name has other semantics.

The CGI API requires the selected value to be explicitly given, which is
the correct and safe way to do it. (Your suggestion reminded me of PHP
and the automatically mapping to globals variables it used to have.)

Why wont cgi.rb capture the state of values posted into it?
Click to expand...

Yes it does, as you may retrieve them from the CGI instance. But it does
not assume that the form you generate using it is the same form your
input values came from. That is plain dangerous regarding cross-site
scripting and other nefarious activities people abusing your system
would just love.

However, there is nothing stopping you from writing your own
modifications to the cgi module doing what you want. (I.e. all default
values are taken from the input parameters if nil.) But please
understand that this means that _default_ values in your form may be
from external sources and thus dangerous!
 
C

Cere Davis

Ah, I think I understand your point here. And there is any easy way
to make the form fields represent what is being posted in.
This is not so easy for checkboxes and radio buttons though. It seems
that in the case where a users wants this type of behavior
there should be some kind of option to at least allow the checkboxes to
show up as checked if the attribute value is true.

modifications to the cgi module doing what you want. (I.e. all default
values are taken from the input parameters if nil.) But please
understand that this means that _default_ values in your form may be
from external sources and thus dangerous!


I don't think there is anything inherently dangerous about making a
forms physical appearence update to represent the values that are posted
in as long as no javascript type action is taken on valus submitted to
the form by default. It what you do with those values afterwards that
matters.

Actually, I am working on this but but I am new to this and am trying
figuring out how to override a function in the cgi library at the moment....


I have a thing like:

class CGI

def checkbox((name = "", value = nil, checked = nil)

....stuff in place of the default behavior of cgi.rb checkbox

end
end

But my code doesn't seem to recognize this overriden function. Does
anyone know how I can override functions like this?

Thanks,
-Cere
 
K

Kent Dahl

Cere said:
Actually, I am working on this but but I am new to this and am trying
figuring out how to override a function in the cgi library at the
moment....


I have a thing like:

class CGI

def checkbox((name = "", value = nil, checked = nil)

....stuff in place of the default behavior of cgi.rb checkbox

end
end

But my code doesn't seem to recognize this overriden function. Does
anyone know how I can override functions like this?
Click to expand...

If this is in a script run by mod_ruby or eruby, then it may be that you
are actually creating a different CGI class in a anonymous module.

On the other hand, if its run like a regular CGI script, I don't think
this should be a problem.

Have you tried inheriting from the CGI class instead?
class MyCGI < CGI
def checkbox # etc
end
end

Another option is to put your method definitions in a module and
extending your actual CGI object dynamically...

module MyCGIExt
def checkbox # etc
end
end
cgi = CGI.new
cgi.extend MyCGIExt

These last two should work properly in a mod_ruby/eruby environment,
AFAIK. HTH.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Positioning CSS components 1
Very Basic CC Validation Javascript 0
How can I arrange a series of radio buttons? 2
I dont get this. Please help me!! 2
Only one table shows up with the information 2
How to display input options only after selecting an option from the 'select class' tag JS? 6
"input-group-text" help 7
Check forms With JavaScript 1

Members online

No members online now.
Total: 2,146 (members: 0, guests: 2,146)
Robots: 129

Forum statistics

Threads
474,146
Messages
2,570,832
Members
47,374
Latest member
EmeliaBryc

Latest Threads

Top