[ic] A link from DB
mike at perusion.com
Thu Jul 29 11:31:18 EDT 2004
Quoting Daniel Davenport (ddavenport at newagedigital.com):
> > -----Original Message-----
> > From: interchange-users-bounces at icdevgroup.org
> > [mailto:interchange-users-bounces at icdevgroup.org]On Behalf Of Jon
> > Sent: Tuesday, July 27, 2004 10:16 PM
> > To: interchange-users at icdevgroup.org
> > Subject: [ic] A link from DB
> > I'm trying to create a hyperlink from with in a field in the DB so when
> > one item is displayed via flypage.html there is a link to another item.
> > I've tried various variations of 'area' and 'page' tags with/with out
> > interpolate but it always seems to display the IC tag and not the link.
> > I've read there is a security issue with creating links out of a DB,
> > but didn't see if that applied to a specific release
> > of IC or all IC releases ?
> It applies to any system which can execute code. What you're trying to do
> is a really bad idea--if you could use an [area] or [page] tag, then
> potentially any ITL code could be run, including stuff like [data userdb
> password insert_user_id_here]. As of yet, i don't believe there's a way to
> only interpolate this tag and that tag, and escape all the others.
Actually, there is:
[restrict allow="page area value" interpolate=1]
> If you wanted to, you could have a related_sku or other such field in the
> products table, and instead of trying to put the tag in there, have some
> code like
> [if-item-field related_sku]
> [page [item-field related_sku]][description [item-field related_sku]]</a>
This is by far the best way to do it.
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.647.1295 tollfree 800-949-1889 <mike at perusion.com>
Being against torture ought to be sort of a bipartisan thing.
-- Karl Lehenbauer
More information about the interchange-users