Hi all,
all of you who are working on DTL files know that we have $Data,
$QData (HTML quoting) and $LQData (URL parameter
encoding) to output data in DTLs dynamically.
When deciding which one to use, please from now on always use $QData
(in HTML context) or $LQData (in URLs). Even if you just
output a simple $QData{"TicketID"}. Only use $Data
if you have to output HTML data, like a select box that was generated
by the Perl code.
The benefit is that the DTL files become more readable, because you can
see what the nature of a certain parameter is. The main reason is that $Data
potentially causes security problems, and we therefore must limit its
use as much as we can.
To sum up: don't use $Data unless you have to! This
applies to all areas of development at OTRS, not just the framework
itself.
Regards,
--
Martin Gruner
Developer R&D
OTRS AG
Europaring 4
94315 Straubing
T: +49 (0)6172 681988 0
F: +49 (0)9421 56818 18
I: www.otrs.com/
Registered office: Bad Homburg, District Court: Bad Homburg, HRB 10751, VAT ID: DE256610065
Chairman of the Supervisory Board: Burchard Steinbild, Executive Board: André Mindermann
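One way to review templates against the rule in the message above, as an added example that is not part of the original mail and not OTRS code: a small Python check that lists every raw $Data use in a DTL text and suggests $QData or $LQData depending on whether it sits inside a URL attribute. The function name, the `html_keys` allowlist and the sample template are constructed for illustration.

```python
import re

# Raw $Data{"Key"} only: in $QData / $LQData the "$" is not directly before "Data".
RAW_DATA = re.compile(r'\$Data\{"([^"]+)"\}')
# Any DTL tag of the form $Name{"..."}; removed from the prefix so that its
# inner double quotes are not mistaken for the end of an HTML attribute.
DTL_TAG = re.compile(r'\$\w+\{"[^"]*"\}')
# A URL-bearing attribute whose value is still open at the end of the prefix.
URL_ATTR = re.compile(r'(?:href|src|action)\s*=\s*"[^"]*$', re.IGNORECASE)


def audit_dtl(text, html_keys=()):
    """Return (line_no, key, suggested_tag) for each raw $Data use.

    html_keys is a hypothetical reviewer-maintained allowlist of keys that
    are confirmed to carry HTML generated by the Perl code (for example a
    select box); those uses are legitimate and are skipped.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in RAW_DATA.finditer(line):
            key = m.group(1)
            if key in html_keys:
                continue
            prefix = DTL_TAG.sub("", line[:m.start()])
            in_url = URL_ATTR.search(prefix) is not None
            findings.append((line_no, key, "$LQData" if in_url else "$QData"))
    return findings


# Constructed sample template, not taken from the OTRS code base.
SAMPLE_DTL = '''\
<h1>$Data{"Title"}</h1>
<a href="index.pl?Action=AgentTicketZoom&TicketID=$Data{"TicketID"}">$QData{"TicketNumber"}</a>
<a href="index.pl?Action=AgentTicketZoom&TicketID=$LQData{"TicketID"}">ok</a>
<td>$Data{"PrioritySelect"}</td>
'''

if __name__ == "__main__":
    for line_no, key, tag in audit_dtl(SAMPLE_DTL, html_keys={"PrioritySelect"}):
        print(f'line {line_no}: $Data{{"{key}"}} -> use {tag}{{"{key}"}}')
```

The check works line by line, so an attribute value that spans several lines is reported with the $QData suggestion and needs a manual look.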