Hello Chad,
thanks for your reply. The Problem ist not to get data from SQL in usercontext however to pass data thru the action in usercontext.The action will be executed as an URL-string like
http://localhost/myProducts/tabid/8...PrimaryID/23/Default.aspx
Someone who knows the exact path, because he is a member of my portal, can change the ID promiscouos and can execute actions and can change data from other users.
So it is necessary to prevent this and pass the userID with the actionID.
It will be a great pleasure for me if you can change this asap.
This query
exec RSEprocItem '$(PrimaryKey)', 'program','$(UserID)','$(ProgID)'
was for testing to see if its possible to pass more than one parameter thru the action. Curious is that it is possible to pass the parameter 'program' or something else but not as a variable like '$(UserID)'
Do you have a timeline for next patch?
thanks,
Richard