[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Patch: konqueror form attacks
From:       Claudiu Costin <claudiuc () work ! ro>
Date:       2001-09-03 21:39:34
[Download RAW message or body]

On Monday 03 September 2001 21:44, Bernhard Rosenkraenzer wrote:
> On Mon, 3 Sep 2001, Thomas Zander wrote:
> > I do have cups, and it runs a webserver on port 631, this works fine.
> > Does this mean I can't control my jobs anymore from konq?
> >
> > i.e.: http://www.cups.thomas.net:631/jobs?which_jobs=completed
>
> That will still work, however:
>
> <form method=post action="http://www.cups.thomas.net:631/jobs">
> Jobs type: <input type=text name="which_jobs">
> <input type=submit>
> </form>
Not allowing GET like requests in action will break _lot_ of sites.
GET like vars should be transformed in POST like vars
(as I inserted <input type=hidden ...>
>
> This one won't (unless you use the message box patch I've sent to the
> list earlier), and I expect it's usually called using something like
> that.
>
> LLaP
> bero

kind regards,
-- 
Claudiu Costin
<claudiuc@work.ro>

[prev in list] [next in list] [prev in thread] [next in thread]