Message5843
I wonder if we could use the one-time key mechanism used for password
resets here as well.
For each form we generate a template function that produces:
<input type="hidden" name="otk" value=".....">
and change RetireAction, RestoreAction, EditCSVAction,
EditItemAction::handler, NewItemAction::handler, RegisterAction::handler,
(maybe SearchAction) to verify the otk against what is stored
in the session database.
Would this basic idea work?
Date | User | Action | Args
2016-07-13 00:22:33 | rouilj | set | messageid: <1468369353.58.0.139192788586.issue2550690@psf.upfronthosting.co.za>
2016-07-13 00:22:33 | rouilj | set | recipients: + rouilj, schlatterbeck, ber, joseph_myers, eadler
2016-07-13 00:22:33 | rouilj | link | issue2550690 messages
2016-07-13 00:22:32 | rouilj | create |
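A sketch of the one-time-key check proposed in the message above, added here as an illustration; it is not Roundup code and not from the message's author. OneTimeKeyStore, hidden_field, handle_post and OTK_LIFETIME are hypothetical names, the dict stands in for the session database, and binding each key to an action name and a lifetime are assumptions beyond what the message states.

```python
import html
import secrets
import time

OTK_LIFETIME = 3600  # seconds; assumed value, not taken from the message


class OneTimeKeyStore:
    """In-memory stand-in for the session database (hypothetical)."""

    def __init__(self, clock=time.time):
        self._keys = {}  # otk -> (session_id, action, expiry)
        self._clock = clock

    def issue(self, session_id, action):
        """Create a random key bound to one session and one action."""
        otk = secrets.token_urlsafe(32)
        self._keys[otk] = (session_id, action, self._clock() + OTK_LIFETIME)
        return otk

    def verify(self, otk, session_id, action):
        """Consume the key; True only if it is live and its binding matches."""
        # pop() removes the key on every attempt, so it can never be replayed.
        record = self._keys.pop(otk or "", None)
        if record is None:
            return False
        bound_session, bound_action, expiry = record
        if self._clock() > expiry:
            return False
        return bound_session == session_id and bound_action == action


def hidden_field(otk):
    """Hidden input that a form template would emit for the key."""
    return '<input type="hidden" name="otk" value="%s">' % html.escape(
        otk, quote=True)


def handle_post(store, session_id, action, form):
    """Gate a state-changing action on the submitted key."""
    if not store.verify(form.get("otk"), session_id, action):
        return "rejected"
    return "performed " + action
```
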