From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Request to merge: new-updxlrtr-v3.0: Enabling GET-Params for
 %xlrtrsettings
Date: Thu, 25 Apr 2013 12:29:27 +0200
Message-ID: <1366885767.32654.127.camel@rice-oxley.tremer.info>
In-Reply-To:
 <CAAiW7AdWAdBvkLqNGjcE0MLp-LqhP_T2rjRpktdSBRurjfzfWA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7203595918587815108=="
List-Id: <development.lists.ipfire.org>

--===============7203595918587815108==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hey,

I think the original intention to filter for POST requests is to prevent
cross-site scripting issues. However, it is not a huge problem to create
a POST request with JS.

I am still not convinced that we should remove this line. It makes XSS
attacks more easy and therefore more dangerous.

For what exactly is this modification required?

-Michael

On Wed, 2013-04-24 at 18:22 +0200, J=C3=B6rn-Ingo Weigert wrote:
> This add GET-Parameters for xlrtrsettings in header.pl
>=20
>=20
> http://git.ipfire.org/?p=3Dpeople/jiweigert/ipfire-2.x.git;a=3Dcommit;h=3Db=
836edd0511e2cfc807292ff84322e71aa2dd7ec
>=20
> _______________________________________________
> Development mailing list
> Development(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development


--===============7203595918587815108==--