Date:      Tue, 21 Jun 2005 15:52:02 -0400
From:      Martin Cracauer <cracauer@cons.org>
To:        bugbusters@FreeBSD.org
Cc:        freebsd-hackers@FreeBSD.org
Subject:   Serious braindamage in the send-pr web interface
Message-ID:  <20050621155202.A99219@cons.org>

The security code of the web interface seems to really screw people
over (the image displaying a text that you have to enter).

It goes like this:
- open web page
- enter PR
- enter security code but get anything wrong (case is sufficient)

You get an error complaining about the security code.

Press back.  Your carefully edited PR is still there.  Good.

However, it displays the same image and the same security code as
before, although send-pr seems to have generated a new one internally.
The new code is not displayed, however, since there is no expire
header on the old one and you just hit the "back" button.

So it displays the old code to the user while it already expects a new
one.

So it rejects everything that comes out of the sequence "back button"
and resubmitting, no matter how often you do it.  It never displays
its currently expected code in an image in the user's browser, it
reuses the first image every time.

If you figure that this is the problem you press reload - and your PR
is gone :-/

I think this might be fixable as easily as setting an expire header on
the image.

Also, it shouldn't be all-uppercase and case sensitive, that is
pointless. 

Martin
-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@cons.org>   http://www.cons.org/cracauer/
 No warranty.    This email is probably produced by one of my cats 
 stepping on the keys. No, I don't have an infinite number of cats.
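
The stale-image failure described in the message above, as an added example that is not part of the original e-mail and is not send-pr's code. `Server`, `Browser` and `back_and_resubmit` are hypothetical names, the codes are constructed, and the browser cache is a simplified model.

```python
import hmac
from itertools import count

class Server:
    """Constructed model: the expected code rotates on every submit."""
    def __init__(self, send_expiry):
        self.send_expiry = send_expiry
        self._ids = count(1)
        self.expected = self._new_code()

    def _new_code(self):
        # Counter keeps the demo deterministic; a real form would use a CSPRNG.
        return f"PR{next(self._ids):04X}"

    def get_image(self):
        headers = {"Content-Type": "image/png"}
        if self.send_expiry:
            headers["Cache-Control"] = "no-store"
            headers["Expires"] = "0"  # invalid date, treated as already expired
        return headers, self.expected  # body stands in for the rendered image

    def submit(self, code):
        # Case-insensitive, constant-time comparison; every attempt rotates the code.
        ok = hmac.compare_digest(code.upper(), self.expected)
        self.expected = self._new_code()
        return ok

class Browser:
    """Simplified cache: reuse the stored image unless the response forbade storing."""
    def __init__(self, server):
        self.server, self.cached = server, None

    def show_image(self):
        if self.cached is not None:
            return self.cached
        headers, body = self.server.get_image()
        if headers.get("Cache-Control") != "no-store":
            self.cached = body
        return body

def back_and_resubmit(send_expiry, retries=3):
    server = Server(send_expiry)
    browser = Browser(server)
    browser.show_image()                 # initial page load
    results = [server.submit("typo")]    # first attempt is mistyped
    for _ in range(retries):             # "back", read the image, resubmit
        results.append(server.submit(browser.show_image()))
    return results
```

Without the headers every retry fails because the browser keeps showing the first code; with them, the retry after "back" reads the code the server currently expects.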


