cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Olivier Lange" <w...@petit-atelier.ch>
Subject RE: read the map:parameter parameters
Date Tue, 09 Sep 2003 19:40:28 GMT
> but it IS secure because all cocoon: URLs are internal only and cannot
> be accessed with a browser request.

I believe that the URIs are internal and hence secure only if you match them
in an internal *pipeline*. You need to specify this explcitely at the
pipeline level with the 'internal-only' attribute:

<map:pipeline internal-only="true">
  <map:match pattern="Search/find">
    ...
    </map:match>
</map:pipeline>

Olivier


-----Message d'origine-----
De : Tim Olson [mailto:tim@myadguys.com]
Envoyé : mardi, 9. septembre 2003 21:09
À : 'users@cocoon.apache.org'
Objet : RE: read the map:parameter parameters


i'm no expert, but isn't it as simple as:
<map:match pattern="Search/find">
  <generate src="{role}/blah/blah"/>
  ...
</map:match>

also, you said
> <map:generate src="cocoon://Search/find?role=myrole/>
>
> but this is not very secure cause everyone could set the role in which
> he want want to search!

but it IS secure because all cocoon: URLs are internal only and cannot be
accessed with a browser request.


> -----Original Message-----
> From: Frederic Gaus [mailto:necroshine@necroshine.de]
> Sent: Monday, September 08, 2003 5:05 AM
> To: users@cocoon.apache.org
> Subject: read the map:parameter parameters
>
>
> hi all!
>
> maybe it is trivial - but I don't get it...
>
> I have a pipeline like this:
>
> <map:match pattern="search">
>   <map:generate src="cocoon://Search/find">
>     <map:parameter name="role" value="myrole"/>
>   </map:generate>
>   <map:transform src=".."/>
>   ...
> </map:match>
>
> in the pipeline cocoon://Search/find I want to read out this
> parameter..
> how do I do this?? I think with the module request-param it is not
> possible...
>
> of cause I could write something like
>
> <map:generate src="cocoon://Search/find?role=myrole/>
>
> but this is not very secure cause everyone could set the role in which
> he want want to search!
>
> Who can help me
>
> Thank you
>
> Freddy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message