![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
Many Eyes Wanted
Apr. 8th, 2012 06:37 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
exor674As http://bugs.dwscoalition.org/show_bug.cgi?id=4408 has the potential to blow up a lot of things/break a lot of things if I screwed up, I want as many eyes on that patch as possible.
Make sure that I have:
This change will also affect pages that are not supposed to be POSTed to ( and hence have no form auth ) -- would this be a problem or can we live with it?
---
Second thing: I noticed a few pages that are devserver only, except we do the check inside the handler sub. I am of the mind that these should not even end up in the routing table at all unless we have devserver enabled ( DW::Controller::EventOutput for one example ) -- thoughts?
Make sure that I have:
- not told DW::Controller::controller to ignore the form_auth check when it is important to do one and I am not doing a check myself
- did not supply form_auth => 0 and no form auth exists in the actual form ( either because it's not a "dangerous" action or that one should exist )
This change will also affect pages that are not supposed to be POSTed to ( and hence have no form auth ) -- would this be a problem or can we live with it?
---
Second thing: I noticed a few pages that are devserver only, except we do the check inside the handler sub. I am of the mind that these should not even end up in the routing table at all unless we have devserver enabled ( DW::Controller::EventOutput for one example ) -- thoughts?