[wp-hackers] Forum Help

Matthew Thomas mpt at myrealbox.com
Sun May 15 11:01:16 GMT 2005


Mike Little wrote:
>...
> without wanting to get into a full-blown discussion going over old old
> ground on this subject, you need to understand that the wording of
> IETF RFCs is very specific about 'must' and 'should', etc. Regardless
> of how anyone else might interpret these words in any other context.
> RFC 2119 has the full details: http://www.faqs.org/rfcs/rfc2119.html

Sure, but come on -- do you really think the reason WordPress doesn't 
follow this part of the RFC is because, when implementing those pages, 
Matt read RFC 2616 and said "oh, it only says SHOULD, we're all right 
then"? :-) Many authors (including me) just didn't read it.

>...
> So, WordPress, along with millions of other web applications (think
> web counters),

Web counters have always been broken anyway (think caches).

> has GET requests which change the state of the server.
>...

And have always been broken. Google Web Accelerator is merely the most 
famous of many pre-fetching accelerators, some of which have been around 
for years. Are you going to try and block them all?

And it's not just accelerators you have to worry about. Imagine that 
you're not using comment moderation (maybe you're using an anti-spam 
plug-in instead). Then one day someone makes a seemingly innocent 
comment on one of your posts, linking to an article they found on a 
similar subject. You click the link, and by the time you realize it goes 
to <http://zed1.com/journalized/wp-admin/post.php?action=delete&post=1>, 
it's too late.

-- 
Matthew Thomas
http://mpt.net.nz/
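
Added example, not part of the original message and not WordPress code: a minimal sketch of the failure described above (a followed or pre-fetched link issuing a state-changing GET) beside a handler that keeps GET safe and requires POST plus a session-bound token. All names here (`unsafe_handler`, `hardened_handler`, `action_token`, the session id) are hypothetical and the data is constructed.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process secret


def action_token(session_id: str, action: str, post_id: int) -> str:
    """Token bound to one session, one action and one post."""
    msg = f"{session_id}|{action}|{post_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def unsafe_handler(posts, method, params, session_id):
    """The pattern discussed above: action=delete deletes, whatever the method."""
    if params.get("action") == "delete":
        posts.pop(int(params["post"]), None)
    return 200


def hardened_handler(posts, method, params, session_id):
    """GET stays safe; a state change needs POST plus a session-bound token."""
    if params.get("action") != "delete":
        return 200
    if method != "POST":
        return 405  # a clicked link or a pre-fetcher only issues GET
    post_id = int(params["post"])
    expected = action_token(session_id, "delete", post_id).encode()
    if not hmac.compare_digest(expected, params.get("token", "").encode()):
        return 403  # POST from another site, which cannot know the token
    posts.pop(post_id, None)
    return 200


def demo():
    sid = "constructed-session-id"
    link = {"action": "delete", "post": "1"}  # query string of a followed link
    a = {1: "hello"}
    unsafe_handler(a, "GET", link, sid)  # the admin's browser just follows it
    b = {1: "hello"}
    get_status = hardened_handler(b, "GET", link, sid)
    forged_status = hardened_handler(b, "POST", link, sid)  # no token
    survived = 1 in b
    genuine = dict(link, token=action_token(sid, "delete", 1))
    post_status = hardened_handler(b, "POST", genuine, sid)
    return (1 in a, get_status, forged_status, survived, post_status, 1 in b)
```

The method check alone stops link clicks and pre-fetchers; the token is what stops a cross-site form that submits a POST on the logged-in user's behalf.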

