Require POST request for all actions that change server
Review Request #21 - Created Oct. 24, 2008 and submitted
Information: Bogdan-Cristian Tătăroiu, infoarena
Reviewers: hackers
Changed logout, textblock_delete, attachment_delete and attachment_rename controllers to require POST. Implemented a format_post_link function which makes a form with margin and padding 0 and with a javascript activated link inside it. It looks good (and works) in Firefox 3, IE 5, 5.5, 6, Konqueror 4, Google Chrome (so it should look good in Safari too).
Review request changed
Change Summary:
Changed diff to only use a form if javascript is disabled. -- Bogdan
Diff: Revision 3 (+122 -52)
Review request changed
Change Summary:
Use JSON to escape $post_data. Also added data fields to the form displayed when javascript is not available (forgot to do that in previous diff). -- Bogdan
Diff: Revision 4 (+120 -52)
Looks good to me, but I would feel better if Cristi would also take a look at it.
/trunk/www/views/header.php (Diff revision 4):
Kind of offtopic, but I read (http://developer.yahoo.com/performance/rules.html) that it's better to put scripts at the bottom of a webpage to have the content load before the scripts. Should we do something like this?
/trunk/www/format/format.php (Diff revision 4):
I remember Safari had trouble displaying anchors with href attribute "javascript:void(0)". I'm not sure if this also applies to our links, but it's worth checking out. http://www.apple.com/safari/
/trunk/www/format/format.php (Diff revision 4):
This is very cool! I like it! Expand the comment a bit, tell that we're using a form with hidden fields.
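A sketch of the approach this review request describes, added here as an example and not taken from the infoarena diff: a controller guard that rejects non-POST requests, and a link helper that posts JSON-escaped data from script, with a plain form carrying the same hidden fields when JavaScript is disabled. The function bodies, the `require_post` and `h` helpers, the markup, the `post-link` class and the `/logout` URL are assumptions; it uses modern PHP (7.3+) and current browser APIs.

```php
<?php
// Added illustration; names, markup and URL are assumptions, not infoarena code.
// Controller guard: refuse state-changing actions that do not arrive via POST.
function require_post(): void {
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        header('Allow: POST', true, 405);
        exit('This action requires a POST request.');
    }
}
// Escape a value for an HTML attribute or text node.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}
// Render a link that submits flat name => value pairs in $post_data to $url.
// With JavaScript: an anchor whose click handler builds and submits a form.
// Without JavaScript: a <noscript> form with the same data as hidden fields.
function format_post_link(string $url, string $label, array $post_data = []): string {
    // JSON carries the data to the script; h() then makes it attribute-safe.
    $json = json_encode($post_data,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
    $hidden = '';
    foreach ($post_data as $name => $value) {
        $hidden .= '<input type="hidden" name="' . h((string)$name)
                 . '" value="' . h((string)$value) . '">';
    }
    return '<a href="#" class="post-link" data-url="' . h($url)
         . '" data-post="' . h($json) . '">' . h($label) . '</a>'
         . '<noscript><form method="post" action="' . h($url)
         . '" style="margin:0;padding:0;display:inline">' . $hidden
         . '<input type="submit" value="' . h($label) . '"></form></noscript>';
}

// Client side, included once per page: turn .post-link anchors into POST submits.
const POST_LINK_SCRIPT = <<<'JS'
<script>
document.addEventListener('click', function (e) {
  var a = e.target.closest('a.post-link');
  if (!a) return;
  e.preventDefault();
  var f = document.createElement('form'), data = JSON.parse(a.dataset.post);
  f.method = 'post'; f.action = a.dataset.url;
  for (var k in data) {
    var i = document.createElement('input');
    i.type = 'hidden'; i.name = k; i.value = data[k]; f.appendChild(i);
  }
  document.body.appendChild(f); f.submit();
});
</script>
JS;
echo format_post_link('/logout', 'Logout', ['action' => 'logout']), POST_LINK_SCRIPT, "\n";
```

Requiring POST keeps crawlers, prefetchers and plain links from triggering these actions; it does not by itself verify where a request came from, so a per-session token among the hidden fields is the usual companion.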