mike at perusion.com
Thu Oct 12 13:12:48 EDT 2006
Quoting Mailing Lists (lists at gmnet.net):
> On Thu, 2006-10-12 at 17:18 +0200, Stefan Hornburg wrote:
> > graham hadgraft wrote:
> > > I want to loop through a piece of code a set number of times as
> > > specified from a cgi variable. Reading the documentation, I cannot
> > > work out how to do this.
> > >
> > > I have a form on the previous page that a user specifies an integer.
> > > On the next page I want to loop through a piece of code n times, where n
> > > is the integer set on the previous page.
> > Basically:
> > [loop ranges="1" list="1..[cgi user_number]"]
> > Number is [loop-code]<br>
> > [/loop]
> > Please make sure that [cgi user_number] is limited, otherwise
> > this code can cause a waste of your server resources.
> > Bye
> > Racke
> Also always filter that cgi!! (entities) or people can inject code...
In general, this is a very good idea, and it should certainly be done
as part of the range checking Racke mentioned. In fact, if you wanted
to limit it to 99 you could do:
number, after filtering: [cgi name=user_number filter="digits"] <br>
[if cgi user_number > 99]
Too high a number.
[elsif cgi user_number < 1]
Too low a number.
[/elsif]
[else]
[loop ranges="1" list="1..[cgi user_number]"]
Number is [loop-code]<br>
[/loop]
[/else]
[/if]
To be clear, though, when you put something in a quoted parameter to another
tag it is not one of those cases where code can be injected.
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.647.1295 tollfree 800-949-1889 <mike at perusion.com>
"Laughter is inner jogging." -- Norman Cousins
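The filter-then-range-check sequence from this thread, sketched in Python as an added example (not code from the original posts or from Interchange). It assumes filter="digits" simply deletes every non-digit character; digits_filter, loop_count, render and the sample inputs are hypothetical names and constructed values.

```python
import re

MAX_COUNT = 99  # upper bound taken from the reply ("limit it to 99")

def digits_filter(raw):
    """Assumed behaviour of filter="digits": drop every non-digit character."""
    return re.sub(r"\D+", "", raw, flags=re.ASCII)

def loop_count(raw, max_count=MAX_COUNT):
    """Return (count, message); count is None when the loop must not run."""
    cleaned = digits_filter(raw)
    if cleaned == "":
        return None, "Too low a number."   # nothing left after filtering
    # Check the length first so a very long digit string is rejected cheaply.
    if len(cleaned.lstrip("0")) > len(str(max_count)):
        return None, "Too high a number."
    n = int(cleaned)
    if n > max_count:
        return None, "Too high a number."
    if n < 1:
        return None, "Too low a number."
    return n, ""

def render(raw):
    """Mirror the page output: an error line, or one line per iteration."""
    count, message = loop_count(raw)
    if count is None:
        return [message]
    return ["Number is %d" % i for i in range(1, count + 1)]

# Constructed sample inputs: valid, out of range, empty, markup, signed, huge.
SAMPLES = ["3", "100", "0", "", "2<b>", "-4", "9" * 40]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s[:12]), "->", render(s)[:3])
```

Because the filter strips characters instead of rejecting the input, "-4" is accepted as 4 and "2<b>" as 2; the range check is what stops empty and oversized values.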