[wp-hackers] Any other way to do it? (or, do we really need
Nonces?)
Chris
chris.hearn01 at ntlworld.com
Fri Mar 2 00:47:33 GMT 2007
newbie question, sorry - can I ask why using GETS rather than POST? When
i have written my own php stuff I use post almost exclusively.. is it so
that the BACK browser button behaves better?
thanks
Chris
Jeremy Visser wrote:
> Mark Jaquith wrote:
>
>> On Feb 27, 2007, at 11:47 AM, howard chen wrote:
>>
>>> can WP allow detete/update action thru HTTP Get?
>>>
>> We protect HTTP GET deletes with nonces
>>
>
> I've always disliked doing any dangerous action with GET, regardless of
> whether the links are protected with nonces.
>
> Can't we have some sort of JavaScript action that will load the
> comment/post ID into a POST form and submit it automagically?
>
> I would have suggested having separate <button>s like this styled like
> links so we could use POST still:
>
> <button name="comment_id" value="1">Delete me!</button>
> <button name="comment_id" value="2">Delete me!</button>
> <button name="comment_id" value="3">Delete me!</button>
>
> ...but MSIE doesn't like it.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
>
>
More information about the wp-hackers
mailing list