On 02/10/2014 02:53 PM, Gert van Oss wrote:
On 10 Feb 2014, at 14:48, Stefan Hornburg (Racke) <racke@linuxia.de> wrote:
On 02/10/2014 02:37 PM, Gert van Oss wrote:
Hi,
I’m trying to build a small app to comment on images. Probably I’m almost there, but I’m currently stuck with updating a ‘file.yml’ via an HTML form.
I’ve made two routes (shown below): get ‘/:id/edit’ for showing the form with the particular image to comment on. When hitting save, the post ‘/edit’ route will be called. My problem is that the post route doesn’t have the $id initialised. Is there someone around who can tell me how to solve this or point out to me what I’m doing wrong?
Do you have a hidden form field in your form which passes the id to the post route?
Regards Racke
I don’t have a hidden field. I tried, but then still wasn’t successful. (See below; I skipped some fields.)
<form method="post" action="/edit">
<input type="text" name="id" id="id" value="[% data.id %]" disabled="disabled"/>
<textarea name="description" rows="20" cols="20" id="Description">[% data.description %]</textarea>
<input type="submit" name="submit" value="Save" class="submit-button" />
</form>
Ok, so the question is whether the correct id appears in the rendered HTML form and thus is available to the post route?

And writing the data from this form directly into your file opens a big hole for XSS if you display the same data on your website. Also we could do some YAML injection :-).

Regards
Racke

--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
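
The two routes discussed in this thread, written so that the XSS and YAML injection risks raised in the last reply are closed off; this is an added example, not code posted by either participant. It assumes Dancer 1 with Template Toolkit and the YAML module, a `file.yml` that holds a hash of records keyed by image id, and a hypothetical `edit` view; the id pattern and the length limit are illustrative values.

```perl
#!/usr/bin/env perl
# Added example, not code from the thread. Assumes Dancer 1 with the YAML
# module, and that file.yml holds a hash of records keyed by image id.
use strict;
use warnings;
use Dancer;
use YAML ();

my $store = 'file.yml';    # file name from the thread

# Assumed id format (allowlist); adjust to the ids the app really issues.
sub valid_id { defined $_[0] && $_[0] =~ /\A[A-Za-z0-9_-]{1,64}\z/ }

sub load_store { (-e $store && YAML::LoadFile($store)) || {} }

get '/:id/edit' => sub {
    my $id = params->{id};
    return send_error('Bad id', 400) unless valid_id($id);
    my $all = load_store();
    return send_error('Unknown image', 404) unless exists $all->{$id};
    # In the (hypothetical) edit view, pass the id in a hidden field (a
    # disabled input is not submitted) and escape values with TT's html filter:
    #   <input type="hidden" name="id" value="[% data.id | html %]"/>
    #   <textarea name="description">[% data.description | html %]</textarea>
    template 'edit', { data => { %{ $all->{$id} }, id => $id } };
};

post '/edit' => sub {
    my $id   = params->{id};
    my $desc = params->{description};
    $desc = '' unless defined $desc;
    return send_error('Bad id', 400) unless valid_id($id);
    # 2000 is an illustrative limit, not a value from the thread.
    return send_error('Description too long', 400) if length($desc) > 2000;

    my $all = load_store();
    # Update existing records only, so a forged id cannot add new keys.
    return send_error('Unknown image', 404) unless exists $all->{$id};

    # Modify the Perl structure and let the YAML emitter serialize it: newlines,
    # colons or "---" in $desc then stay inside a single scalar value instead
    # of becoming new keys or documents, as with string-built YAML.
    $all->{$id}{description} = $desc;
    YAML::DumpFile($store, $all);
    redirect "/$id/edit";
};

dance;
```

Any other page that displays the stored description needs the same `| html` filter, because the value is stored unescaped and escaped at output time.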