[wp-hackers] Security at Wordpress

Elliotte Harold elharo at metalab.unc.edu
Mon Apr 24 11:52:07 GMT 2006


Andrew Krespanis wrote:
>>> Done. Can we move away from that excuse now or am I going to have to
>>> do a full html mockup with <input>s in place of all action-performing
>>> links to prove my point?
>> Yup, that's what you gotta do.
> 
> http://leftjustified.net/lab/wordpress/admin/edit.html
> 
> Looks fine :)
> 
> 

Thanks! Looks good to me.

If anything this proof of concept goes further than it needs to.  I 
think the edit action is side-effect free and safe since it doesn't 
actually save anything to the database, just opens up the edit page. Thus 
the edit action could be done with a GET link instead of a form input.

You might be able to go one step further by using CSS to put a border 
around the View item so it looks like the Edit and Delete buttons. 
Honestly though, this is plenty good enough for me and clearly proves 
your point that appearance need not be a concern when deciding between 
POST and GET.

-- 
Elliotte Rusty Harold  elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim