On Tue, Jun 21, 2005 at 03:52:02PM -0400, Martin Cracauer wrote:
> The security code of the web interface seems to really screw people
> over (the image displaying a text that you have to enter).
>
> It goes like this:
> - open web page
> - enter PR
> - enter security code but get anything wrong (case is sufficient)
>
> You get an error complaining about the security code.
>
> Press back. Your carefully edited PR is still there. Good.
>
> However, it displays the same image and the same security code as
> before, although send-pr seems to have generated a new one internally.
> The new code is not displayed, however, since there is no expire
> header on the old one and you just hit the "back" button.
>
> So it displays the old code to the user while it already expects a new
> one.
>
> So it rejects everything that comes out of the sequence "back button"
> and resubmitting, no matter how often you do it. It never displays
> its currently expected code in an image in the user's browser, it
> reuses the first image every time.
>
> If you figure that this is the problem you press reload - and your PR
> is gone :-/
>
> I think this might be fixable as easy as setting an expire header on
> the image.

It has Pragma: no-cache and a dummy '?' in the URL. What does an
"expire header" that expires immediately look like?

> Also, it shouldn't be all-uppercase and case sensitive, that is
> pointless.

Point taken; I actually remember committing lowercase letters.
Interesting that it never really happened...

Ceri

PS www issues go to www@, not hackers@.

-- 
Only two things are infinite, the universe and human stupidity, and I'm
not sure about the former.
                  -- Einstein (attrib.)
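An added example, not send-pr's code and not written by anyone in this thread: one form of an immediately expiring image response is an `Expires` date in the past next to `Cache-Control: no-store`. The example goes beyond the fix proposed above by deriving the expected code from a challenge id carried in the form, so a page restored with the back button still names the code its image shows. The function names, the id format and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from email.utils import formatdate

# Hypothetical names throughout; nothing here is taken from send-pr.
SECRET = secrets.token_bytes(32)              # per-process key (assumption)
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # lowercase, no look-alikes
TTL = 900                                     # challenge lifetime, seconds
_solved = set()                               # ids already accepted once

def image_headers(now=None):
    """Headers for the code image: expired on arrival, never stored."""
    now = time.time() if now is None else now
    return [
        ("Content-Type", "image/png"),
        ("Date", formatdate(now, usegmt=True)),
        ("Expires", formatdate(0, usegmt=True)),   # a date in the past
        ("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"),
        ("Pragma", "no-cache"),                    # for HTTP/1.0 caches
    ]

def new_challenge(now=None):
    """Id for a hidden form field and the image URL: '<issued>.<nonce>'."""
    now = int(time.time() if now is None else now)
    return f"{now}.{secrets.token_hex(8)}"

def code_for(challenge_id, length=6):
    """Text drawn in the image, derived from the id instead of session state."""
    mac = hmac.new(SECRET, challenge_id.encode(), hashlib.sha256).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in mac[:length])

def verify(challenge_id, answer, now=None):
    """Check the answer against the challenge named by the submitted form."""
    now = time.time() if now is None else now
    try:
        issued = int(challenge_id.split(".", 1)[0])
    except ValueError:
        return False
    if challenge_id in _solved or not 0 <= now - issued <= TTL:
        return False
    given = answer.strip().lower().encode()        # case-insensitive compare
    ok = hmac.compare_digest(code_for(challenge_id).encode(), given)
    if ok:
        _solved.add(challenge_id)                  # one successful use per id
    return ok
```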