[wp-trac] Re: [WordPress Trac] #4529: Modal "Are You Sure?" dialogs
should be replaced with "Undo" functionality.
WordPress Trac
wp-trac at lists.automattic.com
Mon Jun 25 03:30:19 GMT 2007
#4529: Modal "Are You Sure?" dialogs should be replaced with "Undo" functionality.
----------------------------+-----------------------------------------------
 Reporter:  markjaquith     |        Owner:  anonymous
     Type:  task            |       Status:  new
 Priority:  normal          |    Milestone:  2.4 (future)
Component:  Administration  |      Version:  2.3
 Severity:  normal          |   Resolution:
 Keywords:                  |
----------------------------+-----------------------------------------------
Comment (by filosofo):
Wouldn't this undercut the protection from CSRF-type attacks offered by
the AYS dialogs?

For example, say I visit a hostile site that uses JavaScript in an iframe
or whatever to attempt to delete one of my posts. As I understand the
current system, I might not see the AYS dialog that would appear upon
receiving such a non-nonced command, but my failure to approve it would
stop the deletion from occurring. It seems like under your scenario the
deletion would occur and I would be none the wiser.
--
Ticket URL: <http://trac.wordpress.org/ticket/4529#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
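
The nonce-or-confirm flow the comment above describes, as an added example that is not part of the original message and not WordPress's own code. It is a simplified stand-alone model: `SECRET`, `make_nonce()` and `handle_delete()` are hypothetical names, and the sample data is constructed.

```php
<?php
// Simplified model of the nonce-or-confirm flow. Not WordPress code:
// SECRET, make_nonce() and handle_delete() are hypothetical.
const SECRET = 'constructed-demo-secret';   // constructed value

// Nonce bound to one user and one action, so it cannot be reused elsewhere.
function make_nonce(string $user, string $action): string {
    return substr(hash_hmac('sha256', $user . '|' . $action, SECRET), 0, 20);
}

// Returns 'deleted' only when the request carries a valid nonce.
// A request without one gets a confirmation page whose form embeds the nonce;
// a cross-site page cannot read that form, so it cannot approve the prompt.
function handle_delete(string $user, int $post_id, array $request, array &$posts): string {
    $action   = 'delete-post_' . $post_id;
    $expected = make_nonce($user, $action);
    $supplied = (string) ($request['_wpnonce'] ?? '');
    if (!hash_equals($expected, $supplied)) {
        return 'confirm';            // nothing is changed on this path
    }
    unset($posts[$post_id]);
    return 'deleted';
}

$posts = [7 => 'Hello world'];       // constructed sample data

// 1. Forged cross-site request: no nonce, so the post survives.
$r1 = handle_delete('alice', 7, [], $posts);
echo $r1, ' ', isset($posts[7]) ? 'post kept' : 'post gone', PHP_EOL;

// 2. A nonce minted for a different post is rejected as well.
$r2 = handle_delete('alice', 7, ['_wpnonce' => make_nonce('alice', 'delete-post_8')], $posts);
echo $r2, ' ', isset($posts[7]) ? 'post kept' : 'post gone', PHP_EOL;

// 3. The user approves the prompt: the form posts back the valid nonce.
$r3 = handle_delete('alice', 7, ['_wpnonce' => make_nonce('alice', 'delete-post_7')], $posts);
echo $r3, ' ', isset($posts[7]) ? 'post kept' : 'post gone', PHP_EOL;
```

An "Undo" design keeps this property only if the state-changing request itself still fails the nonce check when forged; removing the `confirm` branch without that check is the scenario the comment warns about.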