create new tag
, view all tags

Feature Proposal: CGI object should handle the a method like CPAN:CGI


At least 5 plugins don't work or have to upgrade to work again with TWiki >=5.0

Description and Documentation

Before TWiki 5.0 it was no problem to get a CGI object (TWiki::Func::getCgiQuery()) and to create HTML code like <a href="http://www.w3.org/">link</a> with a statement like $cgi->a({-href=>"http://www.w3.org/"},'link');



WhatDoesItAffect: API, Plugins


-- Contributors: DanielRohde - 2010-08-19


Sensible request. Can be safely done for patch release, e.g. TWiki-5.0.1

-- PeterThoeny - 2010-08-19

After my upgrade session for 6 plugins I've found much more unsupported methods for HTML generation. I solved that by creating my own empty CGI object.

I (and others maybe too) need a secure way to generate HTML code in plugins. This protects TWiki against defacements, XSS attacks and so on. But it is an ugly way to handle POST/GET query parameters with TWiki's own CGI and create a fat CPAN:CGI object for HTML generation. I don't know whats happen if CPAN:CGI and TWikis own CGI implementation working parallel, and how secure is TWikis POST/GET parameter handling.

-- DanielRohde - 2010-08-20

Daniel, I appreciate making your plugins compatible with the existing TWiki-5.0.0!

I do not know what the motivation was to re-implement an incomplete CGI class, I assume there have been reasons besides NIH. A simple solution might be to have CPAN:CGI the superclass of TWiki's CGI.

-- PeterThoeny - 2010-08-20

Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2010-08-20 - PeterThoeny
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.