Jacques Distler 2484542f12 Security: HTTP GET Bypassed Spam Protection ...

Apparently, the form_spam_protect plugin only works with HTTP POST, not GET.
Unsafe operations (save and file-upload) should be POSTs anyway.
Fixed.

Also, two broken tests fixed. Only two Unit Tests now fail: both are minor bugs in XHTMLDiff.

2007-10-07 01:59:50 -05:00

0 lines

YAML

Raw Blame History