Security: HTTP GET Bypassed Spam Protection

Browse source

Apparently, the form_spam_protect plugin only works with HTTP POST, not GET.
Unsafe operations (save and file-upload) should be POSTs anyway.
Fixed.

Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.

...

This commit is contained in:

Jacques Distler 2007-10-07 01:59:50 -05:00

parent be8bb3d06d

commit 2484542f12

6 changed files with 22 additions and 5 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download patch file Download diff file Expand all files Collapse all files

0

test/fixtures/sessions.yml vendored Normal file

Unescape Escape View file

0

test/fixtures/wiki_files.yml vendored Normal file

Unescape Escape View file