Re: Fixing CSRF exploits in Infrastructure

On Tue November 25 2008, Toshio Kuratomi wrote:

> For these issues we could either concentrate on fixing or mitigating
> them.  Fixing them would require the laborious changes I talked about
> earlier to change the way the framework already processes the POST and
> GET parameters before they get to us.

I guess it would be enough only to check whether the request is a POST request
without checking where the variables come from. This is maybe available in
this variable: cherrypy.request.method

> Mitigation is easier -- we should 
> make it part of our best practices to never have links or GET driven
> forms that make state changes when designing the UI and templates.

This is also needed if you check for the request method, because otherwise
you would have broken links.
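
The request-method check discussed above, as an added example that is not part of the original message or of the Fedora Infrastructure code. It is written as plain WSGI middleware so it runs with the standard library alone; the protected paths and the names RequirePost, demo_app and call are hypothetical.

```python
# Added example: framework-neutral WSGI sketch of the request-method check.
# In CherryPy the same value is exposed as cherrypy.request.method.
from wsgiref.util import setup_testing_defaults

# Hypothetical paths that change server-side state (assumption for this example).
STATE_CHANGING = {"/group/apply", "/user/delete"}


class RequirePost:
    """Reject any non-POST request to a state-changing path with 405."""

    def __init__(self, app, protected=STATE_CHANGING):
        self.app = app
        self.protected = frozenset(protected)

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        method = environ.get("REQUEST_METHOD", "GET").upper()
        if path in self.protected and method != "POST":
            body = b"State-changing action requires POST\n"
            start_response("405 Method Not Allowed",
                           [("Allow", "POST"), ("Content-Type", "text/plain")])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the real handlers; always answers 200."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def call(app, method, path):
    """Drive the app with a constructed request; return (status, headers)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]


if __name__ == "__main__":
    for m, p in [("GET", "/group/apply"), ("POST", "/group/apply"), ("GET", "/group/list")]:
        print(m, p, "->", call(RequirePost(demo_app), m, p)[0])
```

The 405 returned for the GET case is the broken link the reply mentions: any template that still links to a protected path stops working once the check is enabled. The sketch covers only the GET-driven case discussed in this thread.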


