Index: doc/howto.txt ================================================================== --- doc/howto.txt +++ doc/howto.txt @@ -143,5 +143,14 @@ (s:get-input 'email-address) To preserve the input simply do a set of the value on the 'name field: (s:set! "email-address" "matt@kiatoa.com") +Radio buttons: + + (s:div 'class "col_3" + (s:input 'type "radio" 'id "group-type1" 'name "group-type" 'value "private" 'checked "checked") + (s:label 'for "group-type1" 'class "inline" "Private") + (s:input 'type "radio" 'id "group-type2" 'name "group-type" 'value "public") + (s:label 'for "group-type2" 'class "inline" "Public")) + + (s:get-input 'group-type) ==> returns private or public depending on which is selected. Index: session.scm ================================================================== --- session.scm +++ session.scm @@ -717,14 +717,35 @@ (define (session:log self . msg) (with-output-to-port (sdat-get-log-port self) ;; (sdat-get-logpt self) (lambda () (apply print msg)))) -(define (session:get-param self key) +;; escape, convert or return raw when given user input data that potentially +;; could be malicious +;; +(define (session:apply-type-preference res params) + (let* ((dtype (if (null? params) + 'escaped + (car params))) + (tags (if (null? params) + '() + (cdr params)))) + (case dtype + ((raw) res) + ((number) (if (string? res)(string->number res) #f)) + ((escaped) (if (string? res) + (s:html-filter->string res tags) + res)) + (else (if (string? res) + (s:html-filter->string res '()) + res))))) + +(define (session:get-param self key type-params) ;; (session:log s:session "params=" (slot-ref s:session 'params)) - (let ((params (sdat-get-params self))) - (session:get-param-from params key))) + (let* ((params (sdat-get-params self)) + (res (session:get-param-from params key))) + (session:apply-type-preference res type-params))) ;; This one will get the first value found regardless of form ;; param: (dtype [tag1 tag2 ...]) ;; dtype: ;; 'raw : do no conversion 
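Review bot: In `session:apply-type-preference` the `escaped` and `else` branches return `res` untouched whenever it is not a string, so a non-string result that contains strings (for example a list produced by a repeated form key) would reach the caller unfiltered. Whether `session:get-param-from` can return such a value is not visible in this hunk and should be confirmed. If it can, filter each element, e.g. add `((list? res) (map (lambda (v) (if (string? v) (s:html-filter->string v tags) v)) res))` ahead of the pass-through. Separately, `session:get-param` now takes a required third argument, so any two-argument caller not touched by this commit will fail at call time; the remaining call sites are worth checking.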
@@ -768,11 +789,11 @@ (begin (session:log self "ERROR: formdat: " formdat " is not of class ") #f))))) (define (session:run-actions self) - (let* ((action (session:get-param self 'action)) + (let* ((action (session:get-param self 'action '(raw))) (page (sdat-get-page self))) ;; (print "action=" action " page=" page) (if action (let ((action-lst (string-split action "."))) ;; (print "action-lst=" action-lst) Index: setup.scm ================================================================== --- setup.scm +++ setup.scm @@ -47,12 +47,12 @@ (session:call s:session page (car partsl)))) (define (s:link-to page . params) (session:link-to s:session page params)) -(define (s:get-param key) - (session:get-param s:session key)) +(define (s:get-param key . type-params) + (session:get-param s:session key type-params)) ;; these are page local (define (s:get key) (session:page-get s:session key))
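Review bot: The `'(raw)` request in `session:run-actions` means the user-supplied `action` value is split on "." with no filtering, and the resulting segments presumably select what gets run. The dispatch code continues past the end of this hunk, so it may already validate them; if it does not, each segment should be checked against the expected action-name characters or a known list before lookup. Either way the call deserves a comment saying why raw is safe here, for example `;; raw: action is a dispatch key, never rendered; segments are validated before lookup`.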
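Review bot: `s:get-param` now HTML-filters by default, so every existing caller that passes only a key gets a different value with no change at its call site. Values that are compared, stored or escaped again on output (passwords, search strings, text that is escaped at render time) may be altered or double-escaped, so those callers should be reviewed and switched to `'raw` or `'number` where appropriate. The definition also has no comment describing the new optional arguments; add something like `;; type-params: [dtype tag ...] where dtype is 'raw, 'number or 'escaped (default); tags are passed to the HTML filter`.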