On 24 mai 23:27, Adrien Di Mascio wrote:
> On Thu, May 24, 2012 at 9:39 PM, Sylvain Thénault
> > Corrolary points:
> >
> > * what can't we have by disabling rql input, beside allowing user to type
> >  arbitrary rql?
> There are quite a few places in CW or cubes where urls with explicit
> rql and vid parameters are generated. If you disable the rql parameter
> (which is not that hard), you'll get bitten there.

yes, though IMO most of those could be avoided. And that's precisely the
work to be done so one can disable rql input: I would want the default ui
(and core cubes) still working.

