*** Joins: Paul_46 (~IceChat09@cpc1-enfi15-2-0-cust580.hari.cable.virginmedia.com) | 00:50 | |
Paul_46 | dregad: lo? | 01:34 |
---|---|---|
dregad | mo | 01:34 |
Paul_46 | -echo '<form method="post" action="' . helper_mantis_url( 'jump_to_bug.php" class="bug-jump-form">' ); | 01:35 |
Paul_46 | +echo '<form method="get" action="' . helper_mantis_url( 'view.php" class="bug-jump-form">' ); | 01:35 |
Paul_46 | any reason why i can't do that in html api you can think of | 01:35 |
Paul_46 | for the jump to bug box ;p | 01:36 |
Paul_46 | saves a http request | 01:36 |
Paul_46 | imo | 01:36 |
*** Joins: giallu (~giallu@fedora/giallu) | 01:36 | |
dregad | get shows the vars in clear on the url | 01:38 |
dregad | and you would have to sanitize what you get in view.php if not already done | 01:38 |
dregad | as users could enter anything and not just a bug id in the form | 01:39 |
Paul_46 | you miss point ;p | 01:39 |
Paul_46 | atm | 01:39 |
dregad | otherwise, i see no issues | 01:39 |
Paul_46 | we do a post to jump to bug | 01:39 |
Paul_46 | which does a redirect to view.php?id=1 | 01:39 |
Paul_46 | i.e. 2 requests | 01:39 |
dregad | yes i know i just checked | 01:39 |
Paul_46 | and the only thing those two requests do is mean the form is post | 01:39 |
Paul_46 | whereas, we could do a get form and skip the request | 01:39 |
dregad | jump_to_bug does gpc_get_int which converts the input from (anything) to, well, an int | 01:40 |
Paul_46 | yea, and we probably do gpc_get_int in view.php | 01:40 |
Paul_46 | so that's not an issue | 01:40 |
* dregad checks | 01:41 | |
dregad | yep | 01:41 |
Paul_46 | well, if we don't it's a security issue ;p | 01:41 |
dregad | so i think we can't get rid of jump_to_bug.php as you say | 01:41 |
dregad | sorry, CAN not can't | 01:41 |
Paul_46 | ;) | 01:41 |
dregad | jump_to_bug.php also does auth_ensure_user_authenticated(); | 01:43 |
dregad | which is not in view.php | 01:43 |
dregad | so you might want to add that to bug_view_inc.php to be consistent | 01:45 |
Paul_46 | again you miss point :) | 01:58 |
Paul_46 | you can call view.php directly | 01:59 |
Paul_46 | and that might allow anonymous access | 01:59 |
Paul_46 | for instance | 01:59 |
Paul_46 | and we normally do call view.php directly | 01:59 |
Paul_46 | so that file is just a helper for the top box | 01:59 |
*** Joins: kirillka (~Miranda@195.242.142.17) | 05:09 | |
*** Quits: kirillka (~Miranda@195.242.142.17) (Quit: kirillka) | 07:02 | |
*** Quits: dregad (~dregad@155.250.128.35) (Quit: Ex-Chat) | 08:40 | |
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 246 seconds) | 09:47 | |
*** Quits: sdfjkljkdfsljkl (~sdfjkljkd@static.96.23.63.178.clients.your-server.de) (*.net *.split) | 10:55 | |
*** Joins: sdfjkljkdfsljkl (~sdfjkljkd@static.96.23.63.178.clients.your-server.de) | 10:57 | |
*** Joins: giallu (~giallu@fedora/giallu) | 15:20 | |
*** Quits: Paul_46 (~IceChat09@cpc1-enfi15-2-0-cust580.hari.cable.virginmedia.com) (Quit: He who laughs last, thinks slowest) | 16:12 | |
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 246 seconds) | 16:25 | |
*** Quits: sdfjkljkdfsljkl (~sdfjkljkd@static.96.23.63.178.clients.your-server.de) (Remote host closed the connection) | 17:00 | |
*** Joins: sdfjkljkdfsljkl (~sdfjkljkd@static.96.23.63.178.clients.your-server.de) | 17:00 | |
*** Joins: kirillka (~Miranda@195.242.142.17) | 22:43 | |
*** Joins: giallu (~giallu@fedora/giallu) | 23:58 |