[wp-hackers] Any other way to do it? (or, do we really need Nonces?)
Robert Deaton
false.hopes at gmail.com
Fri Mar 2 05:53:20 GMT 2007
On 3/1/07, Jeremy Visser <jeremy.visser at gmail.com> wrote:
> Mark Jaquith wrote:
> > On Feb 27, 2007, at 11:47 AM, howard chen wrote:
> >> can WP allow delete/update action thru HTTP Get?
> >
> > We protect HTTP GET deletes with nonces
>
> I've always disliked doing any dangerous action with GET, regardless of
> whether the links are protected with nonces.
>
> Can't we have some sort of JavaScript action that will load the
> comment/post ID into a POST form and submit it automagically?
No, it doesn't peacefully degrade for user agents without JS or with
JS disabled.
--
--Robert Deaton
http://lushlab.com