instiki/app/controllers
Jacques Distler 2484542f12 Security: HTTP GET Bypassed Spam Protection
Apparently, the form_spam_protect plugin only works with HTTP POST, not GET.
Unsafe operations (save and file-upload) should be POSTs anyway.
Fixed.

Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.
2007-10-07 01:59:50 -05:00
..
admin_controller.rb Sync with Instiki Trunk 2007-05-11 11:47:38 -05:00
application.rb Minor Fixes 2007-10-01 22:09:51 -05:00
cache_sweeping_helper.rb Atom Feeds (bis) 2007-04-13 17:20:14 -05:00
file_controller.rb Security: HTTP GET Bypassed Spam Protection 2007-10-07 01:59:50 -05:00
revision_sweeper.rb All WikiReference methods now limit results to the current web. 2007-03-10 16:09:20 -05:00
web_sweeper.rb Checkout of Instiki Trunk 1/21/2007. 2007-01-22 07:43:50 -06:00
wiki_controller.rb Security: HTTP GET Bypassed Spam Protection 2007-10-07 01:59:50 -05:00