[wp-hackers] Any other way to do it? (or,
do we really need Nonces?)
false.hopes at gmail.com
Sat Mar 3 15:59:07 GMT 2007
On 3/3/07, Elliotte Harold <elharo at metalab.unc.edu> wrote:
> that submits a POST to a 3rd party site with authentication cookies intact.
<form name="bar" target="foo" method="post"
<input type="hidden" name="var1" value="value1"/>
<input type="hidden" name="var2" value="value2"/>
<input type="hidden" name="var3" value="value3"/>
<input type="submit" name="weneedthistosubmit"
This particular incarnation is borrowed from earlier in the thread.
This one does work, however it will more likely than not trigger your
popup blockers. Test it and let it through, though, then remember that
all it takes is clicking a link and your popup blocker won't have a
thing to say.
The following are to help you test it. This sets a semi-random cookie.
This one var_dump()s $_POST and $_COOKIE
More information about the wp-hackers