Date: Tue, 21 Jun 2005 23:13:52 +0100 From: Ceri Davies <ceri@submonkey.net> To: Martin Cracauer <cracauer@cons.org> Cc: freebsd-hackers@FreeBSD.org, bugbusters@FreeBSD.org Subject: Re: Serious braindamage in the send-pr web interface Message-ID: <20050621221352.GE14221@submonkey.net> In-Reply-To: <20050621155202.A99219@cons.org> References: <20050621155202.A99219@cons.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--XEBwi9kjQ2E8i8dT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jun 21, 2005 at 03:52:02PM -0400, Martin Cracauer wrote: > The security code of the web interface seems to really screw people > over (the image displaying a text that you have to enter). >=20 > It goes like this: > - open web page > - enter PR > - enter security code but get anything wrong (case is sufficient) >=20 > You get an error complaing about the security code. >=20 > Press back. Your carefully edited PR is still there. Good. >=20 > However, it displays the same image and the same security code as > before, although send-pr seems to have generated a new one internally. > The new code is not displayed, however, since there is no expire > header on the old one and you just hit the "back" button. >=20 > So it displays the old code to the user while it already expects a new > one. >=20 > So it rejects everything that comes out of the sequence "back button" > and resubmitting, so matter how often you do it. It never displays > its currently expected code in an image in the user's browser, it > reuses the first image every time. >=20 > If you figure that this is the problem you press reload - and your PR > is gone :-/ >=20 > I think this might be fixable as easy as setting an expire header on > the image. It has Pragma: no-cache and a dummy '?' in the URL. What does an "expire header" that expires immediatelylook like? > Also, it shouldn't be all-uppercase and case sensitive, that is > pointless.=20 Point taken; I actually remember committing lowercase letters. Interesting that it never really happened... Ceri PS www issues go to www@, not hackers@. --=20 Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -- Einstein (attrib.) --XEBwi9kjQ2E8i8dT Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCuJEgocfcwTS3JF8RAtKdAJ98TXO6VzfGpevtuu7gmrbHDCdxEQCfczTc eBqc10O+zpm5XLl/Js3RxpM= =jCGD -----END PGP SIGNATURE----- --XEBwi9kjQ2E8i8dT--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050621221352.GE14221>