[dev] Form.php and enum fields
Chuck Hagenbuch
chuck at horde.org
Mon Jan 6 23:40:52 PST 2003
Quoting Marko <marko at oblo.com>:
> but it's the reason why the isset is being checked that i don't
> understand. if i follow the logic right, the only situation where the !
> isset test will return true and hence trigger the "field required"
> message would be if the $value submitted is not in the <select> values
> list - trapping for a manually altered GET submission?
Or POST. Would you rather leave that hole open?
> what's more, monthyear and monthdayyear types don't do this check...
If it could be exploited there (instead of just getting a different date),
then it should be. Omission elsewhere isn't an argument.
-chuck
--
Charles Hagenbuch, <chuck at horde.org>
"Block Island Ferry - Fastest Route to Downtown"
More information about the dev
mailing list