Did you know when your users enter the keyword %%% (three percentage characters; assume you have limited the minimum characters for the search keyword as 3) in your Basic Search panel of List pages, then your web application will display all records that belongs to the table? Even you have prevented it by defining the Requires Search Criteria and also implementing all the tricks that I wrote in my previous three articles regarding Search features, your web application users are still able to display all of your records by using the search keyword that contains 3 percentage characters above.
This following trick will show you how to prevent your web application users displaying all records in your List pages of websites that generated by PHPMaker, by rejecting those 3 percentage characters in the Search keyword. This is very useful if you have a lot of records in your table and you don't want your web application users displaying all of them in the List pages by using the cheating technique above. A simple customization, yet so powerful.
Updated on November 29, 2012: This customization has been implemented in PHPMaker version 9.1.0, it matches to each other, and as a result, it works properly.
Updated on February 10, 2013: This customization has been implemented in PHPMaker version 9.2.0, it matches to each other, and as a result, it works properly.
[hidepost]
-
Open your \Script\ewcfg.php file, and find this code:
$EW_XSS_ARRAY = array('javascript', 'vbscript', 'expression', '
- Open your PHPMaker project (.pmp) file using PHPMaker application, go to Tools -> Advanced Settings, and then make sure the Remove XSS setting item has been checked.
- Re-generate your script files using PHPMaker as always.
[/hidepost]
Leave a Reply
You must be logged in to post a comment.