Skip to Content
0
Former Member
Aug 17, 2007 at 06:44 PM

request object

22 Views

Hi,

In my DO_REQUEST methid of my controller I have

CALL METHOD request->get_form_fields

CHANGING

fields = t_value_pairs.

And I am checking t_value_pairs for any malicious characaters like SCRIPT, <,> etc., to avoid cross site scripting.

The way I do it is:

  • check for invalid chars

LOOP AT t_value_pairs INTO wa_value_pairs.

v_tabix = sy-tabix.

TRANSLATE wa_value_pairs-value TO UPPER CASE.

CALL METHOD me->check_invalids

EXPORTING

t_tvarvc = lt_inval

CHANGING

v_string = wa_value_pairs-value.

MODIFY t_value_pairs FROM wa_value_pairs INDEX v_tabix.

ENDLOOP.

The problem is after I do this I woud like to modify the request object, and for that I am using :

CALL METHOD request->set_form_fields( fields = t_value_pairs ).

But this is not working. A pop up I have in my url with script alert still shows up.

I also tried CALL METHOD request->set_form_fields( fields = t_value_pairs ) but nothing is working to clean the request url/object/value pairs.

Any suggestions?