roller-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave <snoopd...@gmail.com>
Subject Re: nasty bug in config screens
Date Fri, 13 Feb 2009 14:47:49 GMT
Sheesh. That *is* a doozy and I think you are right restricting the
action to only accept POST should work. I'm not sure why that
restriction is not already in place.

- Dave


On Thu, Feb 12, 2009 at 4:48 PM, Dick Davies
<rasputnik@hellooperator.net> wrote:
> I've filed this as https://issues.apache.org/roller/browse/ROL-1788
>
> immediate hunch is that this could be fixed by either requiring POSTs
> to that action,
> or having the code only change the checkbox state if the http request
> provides values for them.
>
> On Thu, Feb 12, 2009 at 3:30 PM, Dick Davies
> <rasputnik@hellooperator.net> wrote:
>> I just found a doozy of a bug in the admin screens, thought I'd mention it here.
>>
>> I was logged into the admin app and had just changed some settings, so
>> my location bar looked like
>>
>>  http://blogname.co.uk/roller-ui/admin/globalConfig!save.rol

>>
>> If I select that URL and hit enter (forcing a reload of that page),
>> all the checkboxes on
>> that view are deselected - disabling every associated option. You
>> don't need to hit save,
>> the changes are applied immediately (guessing because of the !save.rol
>> at the end?).
>>
>> Found this out by bookmarking what I thought was the admin screen....
>> how we laughed (after the users had calmed down a bit).
>>
>

Mime
View raw message