Django Book Translation
Original:
Another permutation of this problem lies in code that dynamically loads modules based on the URL or other request information. A well-publicized example came from the world of Ruby on Rails. Prior to mid-2006, Rails used URLs like ``http://example.com/person/poke/1`` directly to load modules and call methods. The result was that a carefully constructed URL could automatically load arbitrary code, including a database reset script!
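Translation:
Another form of this problem appears in code that dynamically loads modules based on the URL and other request information. A well-known example comes from Ruby on Rails. Before the first half of 2006, Rails used URLs like ``http://example.com/person/poke/1`` to directly load modules and call functions. As a result, a carefully constructed URL could automatically invoke arbitrary code, including a script that wipes the database.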
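The pattern described above next to an explicit route allowlist, as an added example that is not taken from the Django Book or from Rails. The handler names, the `ROUTES` table and the three-segment path format are assumptions made for illustration.

```python
import importlib
import re

# Hypothetical handlers standing in for an application's views.
def person_show(person_id):
    return f"show person {person_id}"

def person_poke(person_id):
    return f"poke person {person_id}"

# Explicit allowlist: only the pairs listed here are reachable from a URL.
ROUTES = {
    ("person", "show"): person_show,
    ("person", "poke"): person_poke,
}

# Strict path shape: /<controller>/<action>/<numeric id>, nothing else.
PATH_RE = re.compile(r"/([a-z_]+)/([a-z_]+)/([0-9]+)")

def unsafe_resolve(path):
    """Anti-pattern: URL segments name the module and attribute to load.

    Whatever importable module and callable the request names gets
    resolved, whether or not the application meant to expose it.
    """
    module_name, func_name, arg = path.strip("/").split("/")
    module = importlib.import_module(module_name)  # chosen by the request
    return getattr(module, func_name), arg

def safe_dispatch(path):
    """Map the URL to a handler through the allowlist; never import by name."""
    match = PATH_RE.fullmatch(path)
    if match is None:
        raise LookupError("malformed path")
    controller, action, arg = match.groups()
    handler = ROUTES.get((controller, action))
    if handler is None:
        raise LookupError("no such route")
    return handler(int(arg))

if __name__ == "__main__":
    print(safe_dispatch("/person/poke/1"))
    # The same URL shape resolves to a standard-library function the
    # application never routed (constructed, harmless demonstration).
    print(unsafe_resolve("/platform/node/1")[0])
```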