[wp-hackers] Any other way to do it? (or, do we really need Nonces?)

Chris chris.hearn01 at ntlworld.com
Fri Mar 2 00:51:26 GMT 2007


Sorry - I think I just answered my own question - I guess it's because the 
conversation just refers specifically to _links_
Chris

Jeremy Visser wrote:
> Mark Jaquith wrote:
>   
>> On Feb 27, 2007, at 11:47 AM, howard chen wrote:
>>     
>>> can WP allow delete/update action thru HTTP Get?
>>>       
>> We protect HTTP GET deletes with nonces
>>     
>
> I've always disliked doing any dangerous action with GET, regardless of
> whether the links are protected with nonces.
>
> Can't we have some sort of JavaScript action that will load the
> comment/post ID into a POST form and submit it automagically?
>
> I would have suggested having separate <button>s like this styled like
> links so we could use POST still:
>
> 	<button name="comment_id" value="1">Delete me!</button>
> 	<button name="comment_id" value="2">Delete me!</button>
> 	<button name="comment_id" value="3">Delete me!</button>
>
> ...but MSIE doesn't like it.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
>
>   
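
The JavaScript approach suggested in the quoted message (load the ID from a nonce-protected link into a POST form and submit it), sketched as an added example; it is not code from the thread or from WordPress. The URL layout, the nonce value and the `js-post` class are constructed for illustration.

```javascript
// Added example. URL layout, nonce value and the "js-post" class are constructed.

// Split a delete link into a POST target plus body fields, so the
// state-changing parameters and the nonce leave the query string.
function linkToPost(href, base) {
  const url = new URL(href, base);
  if (url.origin !== new URL(base).origin) {
    // Never send the nonce to another origin.
    throw new Error('cross-origin target refused');
  }
  if (!url.searchParams.get('_wpnonce')) {
    // POST alone is not CSRF protection: a cross-site form can POST too,
    // so the server must still verify the nonce (and reject GET here).
    throw new Error('link carries no nonce');
  }
  const fields = [...url.searchParams]; // [name, value] pairs, order kept
  url.search = '';
  url.hash = '';
  return { method: 'POST', action: url.href, fields };
}

// Browser-only part: intercept clicks on opted-in links and submit a form.
// Without JavaScript the link still works as a nonce-protected GET.
function enhanceDeleteLinks(doc) {
  doc.addEventListener('click', (event) => {
    const link = event.target.closest('a.js-post');
    if (!link) return;
    event.preventDefault();
    const req = linkToPost(link.href, doc.baseURI);
    const form = doc.createElement('form');
    form.method = req.method;
    form.action = req.action;
    for (const [name, value] of req.fields) {
      const input = doc.createElement('input');
      input.type = 'hidden';
      input.name = name;
      input.value = value;
      form.appendChild(input);
    }
    doc.body.appendChild(form);
    form.submit();
  });
}

if (typeof document !== 'undefined') enhanceDeleteLinks(document);
```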

