[wikka-community] $_POST in logout ?
Brian Koontz
brian
Mon Sep 28 01:10:36 GMT 2009
On Mon, Sep 28, 2009 at 01:09:23AM +0200, morten hundevad wrote:
> is there a security reason why making it required to use $_POST in logout ?
>
> ------------------------------------------------------------ code start
> ------------------------------------------------------------
> // BEGIN *** Logout ***
> // is user trying to log out?
> if (isset($_POST['logout']) && $_POST['logout'] == LOGOUT_BUTTON_LABEL)
> // replaced with normal form button #353, #312
> {
> $this->LogoutUser();
> $params .= 'out=true';
> $this->Redirect($url.$params);
> }
> // END *** Logout ***
> ------------------------------------------------------------ code end
> ------------------------------------------------------------
>
> would be nice if logout could be preformed from $_GET aswell ... unless
> there is a security issue here.
Morten, discussion reference this topic can be found starting with
this comment:
http://wush.net/trac/wikka/ticket/312#comment:9
--Brian
--
Brian Koontz
Wikka Development Team
Systems Support and Random Tasking Dept.
More information about the community
mailing list