Re: Request to merge: new-updxlrtr-v3.0: Enabling GET-Params for %xlrtrsettings

25 Apr 2013


      Hey,
I think the original intention to filter for POST requests is to prevent
cross-site scripting issues. However, it is not a huge problem to create
a POST request with JS.
I am still not convinced that we should remove this line. It makes XSS
attacks more easy and therefore more dangerous.
For what exactly is this modification required?
-Michael
On Wed, 2013-04-24 at 18:22 +0200, Jörn-Ingo Weigert wrote:
...
This add GET-Parameters for xlrtrsettings in header.pl
http://git.ipfire.org/?p=people/jiweigert/ipfire-2.x.git;a=commit;h=b836edd0...

Development mailing list
Development@lists.ipfire.org
http://lists.ipfire.org/mailman/listinfo/development

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: Request to merge: new-updxlrtr-v3.0: Enabling GET-Params for %xlrtrsettings