Apr. 8th, 2012

exor674: Text: "I survived open beta adn all I got was this lousy icon!" (dreamwidth open beta)
[personal profile] exor674
As http://bugs.dwscoalition.org/show_bug.cgi?id=4408 has the potential to blow up a lot of things/break a lot of things if I screwed up, I want as many eyes on that patch as possible.

Make sure that I have:
  • not told DW::Controller::controller to ignore the form_auth check when it is important to do one and I am not doing a check myself
  • did not supply form_auth => 0 and no form auth exists in the actual form ( either because it's not a "dangerous" action or that one should exist )


This change will also affect pages that are not supposed to be POSTed to ( and hence have no form auth ) -- would this be a problem or can we live with it?

---

Second thing: I noticed a few pages that are devserver only, except we do the check inside the handler sub. I am of the mind that these should not even end up in the routing table at all unless we have devserver enabled ( DW::Controller::EventOutput for one example ) -- thoughts?

Profile

dw_dev: The word "develop" using the Swirly D logo.  (Default)
Dreamwidth Open Source Development

July 2025

S M T W T F S
  12345
6789101112
13141516171819
20212223 242526
2728293031  

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Aug. 9th, 2025 07:40 am
Powered by Dreamwidth Studios