Serious braindamage in the send-pr web interface

Martin Cracauer cracauer at cons.org
Tue Jun 21 19:52:04 GMT 2005


The security code of the web interface seems to really screw people
over (the image displaying a text that you have to enter).

It goes like this:
- open web page
- enter PR
- enter security code but get anything wrong (case is sufficient)

You get an error complaining about the security code.

Press back.  Your carefully edited PR is still there.  Good.

However, it displays the same image and the same security code as
before, although send-pr seems to have generated a new one internally.
The new code is not displayed, however, since there is no expire
header on the old one and you just hit the "back" button.

So it displays the old code to the user while it already expects a new
one.

So it rejects everything that comes out of the sequence "back button"
and resubmitting, no matter how often you do it.  It never displays
its currently expected code in an image in the user's browser, it
reuses the first image every time.

If you figure that this is the problem you press reload - and your PR
is gone :-/

I think this might be fixable as easily as setting an expire header on
the image.

Also, it shouldn't be all-uppercase and case sensitive, that is
pointless. 

Martin
-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer at cons.org>   http://www.cons.org/cracauer/
 No warranty.    This email is probably produced by one of my cats 
 stepping on the keys. No, I don't have an infinite number of cats.
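
A simplified model of the failure described in the message above, as an added example that is not part of the original email or of the send-pr code. The class names, the six-letter code and the toy cache are assumptions, and `Cache-Control: no-store` stands in for the expiry header the email proposes.

```python
import hmac
import secrets
import string


class CaptchaServer:
    """Constructed stand-in for the form backend: one expected code at a time.
    The "image" is modelled as the code text it would render."""

    def __init__(self, no_store, case_sensitive):
        self.no_store = no_store
        self.case_sensitive = case_sensitive
        self.expected = self._new_code()

    def _new_code(self):
        # All-uppercase codes, as the email describes.
        return "".join(secrets.choice(string.ascii_uppercase) for _ in range(6))

    def image_response(self):
        headers = {"Cache-Control": "no-store"} if self.no_store else {}
        return headers, self.expected

    def submit(self, typed):
        want, got = self.expected, typed
        if not self.case_sensitive:
            want, got = want.casefold(), got.casefold()
        ok = hmac.compare_digest(want.encode(), got.encode())
        self.expected = self._new_code()  # every attempt rotates the code
        return ok


class Browser:
    """Simplified cache: reuse the image unless it was marked no-store."""
    cached = None

    def show_image(self, server):
        if self.cached is None:
            headers, body = server.image_response()
            if headers.get("Cache-Control") == "no-store":
                return body  # never stored, so the next view refetches
            self.cached = body
        return self.cached


def retry_after_typo(no_store, case_sensitive):
    server, browser = CaptchaServer(no_store, case_sensitive), Browser()
    first = server.submit(browser.show_image(server).lower())  # wrong case only
    # "Back" button: the form is shown again and the image is looked up again.
    second = server.submit(browser.show_image(server))
    return first, second
```

With the image cacheable and the check case sensitive, both attempts fail because the second one reads the stale image; marking the image uncacheable lets the retry see the rotated code.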

