[wp-hackers] Security at Wordpress
Elliotte Harold
elharo at metalab.unc.edu
Mon Apr 24 11:52:07 GMT 2006
Andrew Krespanis wrote:
>>> Done. Can we move away from that excuse now or am I going to have to
>>> do a full html mockup with <input>s in place of all action-performing
>>> links to prove my point?
>> Yup, that's what you gotta do.
>
> http://leftjustified.net/lab/wordpress/admin/edit.html
>
> Looks fine :)
>
>
Thanks! Looks good to me.
If anything this proof of concept goes further than it needs to. I
think the edit action is side-effect free and safe since it doesn't
actually save anything to the database, just opens up the edit page. Thus
the edit action could be done with a GET link instead of a form input.
You might be able to go one step further by using CSS to put a border
around the View item so it looks like the Edit and Delete buttons.
Honestly though, this is plenty good enough for me and clearly proves
your point that appearance need not be a concern when deciding between
POST and GET.
--
Elliotte Rusty Harold elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim
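
The distinction drawn in this message (display-only actions such as edit can stay GET links, state-changing ones such as delete belong behind POST form inputs) can be checked mechanically over an admin page's markup. The Python below is an added example, not code from the thread or from WordPress; the `action` query parameter, the set of unsafe action names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumption: actions named here change state; "edit" and "view" only display a page.
UNSAFE_ACTIONS = {"delete", "publish", "approve"}

class ActionLinkAudit(HTMLParser):
    """Sort an admin page's controls into GET-reachable actions and POST forms."""
    def __init__(self):
        super().__init__()
        self.unsafe_links = []   # state-changing actions reachable with a plain GET
        self.safe_links = []     # links that only display something
        self.post_actions = []   # (form action URL, submit value) pairs
        self._form = None        # (method, action URL) of the form being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            query = parse_qs(urlsplit(a["href"]).query)
            actions = {v.lower() for v in query.get("action", [])}
            bucket = self.unsafe_links if actions & UNSAFE_ACTIONS else self.safe_links
            bucket.append(a["href"])
        elif tag == "form":
            self._form = ((a.get("method") or "get").lower(), a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "submit" and self._form:
            method, url = self._form
            value = a.get("value") or ""
            if method == "post":
                self.post_actions.append((url, value))
            elif value.lower() in UNSAFE_ACTIONS:
                # A form submitted with GET is no safer than a link.
                self.unsafe_links.append(f"{url} [GET form: {value}]")

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit(html):
    parser = ActionLinkAudit()
    parser.feed(html)
    parser.close()
    return parser

# Constructed sample rows, not taken from the mockup linked in the thread.
SAMPLE = """
<tr><td><a href="post.php?action=edit&amp;post=7">Edit</a></td>
    <td><a href="post.php?action=delete&amp;post=7">Delete</a></td></tr>
<tr><td><a href="post.php?action=edit&amp;post=8">Edit</a></td>
    <td><form method="post" action="post.php?post=8">
        <input type="submit" name="action" value="Delete"></form></td></tr>
"""
```

Calling `audit(SAMPLE)` flags the first row's Delete link and accepts both Edit links and the second row's POST form.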