Date:      Tue, 21 Jun 2005 23:13:52 +0100
From:      Ceri Davies <ceri@submonkey.net>
To:        Martin Cracauer <cracauer@cons.org>
Cc:        freebsd-hackers@FreeBSD.org, bugbusters@FreeBSD.org
Subject:   Re: Serious braindamage in the send-pr web interface
Message-ID:  <20050621221352.GE14221@submonkey.net>
In-Reply-To: <20050621155202.A99219@cons.org>
References:  <20050621155202.A99219@cons.org>



On Tue, Jun 21, 2005 at 03:52:02PM -0400, Martin Cracauer wrote:
> The security code of the web interface seems to really screw people
> over (the image displaying a text that you have to enter).
>
> It goes like this:
> - open web page
> - enter PR
> - enter security code but get anything wrong (case is sufficient)
>
> You get an error complaining about the security code.
>
> Press back.  Your carefully edited PR is still there.  Good.
>
> However, it displays the same image and the same security code as
> before, although send-pr seems to have generated a new one internally.
> The new code is not displayed, however, since there is no expire
> header on the old one and you just hit the "back" button.
>
> So it displays the old code to the user while it already expects a new
> one.
>
> So it rejects everything that comes out of the sequence "back button"
> and resubmitting, no matter how often you do it.  It never displays
> its currently expected code in an image in the user's browser, it
> reuses the first image every time.
>
> If you figure that this is the problem you press reload - and your PR
> is gone :-/
>
> I think this might be fixable as easy as setting an expire header on
> the image.

It has Pragma: no-cache and a dummy '?' in the URL.  What does an
"expire header" that expires immediately look like?

> Also, it shouldn't be all-uppercase and case sensitive, that is
> pointless.

Point taken; I actually remember committing lowercase letters.
Interesting that it never really happened...

Ceri

PS  www issues go to www@, not hackers@.
-- 
Only two things are infinite, the universe and human stupidity, and I'm
not sure about the former.			  -- Einstein (attrib.)
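
An added example, not part of the original message or of the send-pr code: one way to build response headers that mark the CAPTCHA image as already expired, plus a check of whether a given header set forbids a cache from silently reusing the image. The function names are hypothetical, and the check covers only HTTP cache freshness rules; what a browser redisplays on "back" is history behaviour it does not model.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime


def immediate_expiry_headers(now=None):
    """Headers that mark the CAPTCHA image response as already expired."""
    now = now or datetime.now(timezone.utc)
    return {
        "Date": format_datetime(now, usegmt=True),
        # An Expires value at or before Date means "already stale".
        "Expires": format_datetime(now - timedelta(days=1), usegmt=True),
        # HTTP/1.1 caches give Cache-Control precedence over Expires.
        "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0",
        # For HTTP/1.0 clients only; its meaning in responses is unspecified.
        "Pragma": "no-cache",
    }


def forbids_silent_reuse(headers):
    """True if a cache must refetch or revalidate before reusing the response."""
    h = {k.lower(): v for k, v in headers.items()}
    directives = {}
    for part in h.get("cache-control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip('"')
    if "no-store" in directives or "no-cache" in directives:
        return True
    if "max-age" in directives:
        # max-age overrides Expires; an invalid value is treated as stale.
        value = directives["max-age"]
        return not value.isdigit() or int(value) == 0
    if "expires" in h:
        try:
            expires = parsedate_to_datetime(h["expires"])
            date = (parsedate_to_datetime(h["date"]) if "date" in h
                    else datetime.now(timezone.utc))
            return expires <= date
        except (TypeError, ValueError):
            # Unparseable dates such as "0" count as already expired.
            return True
    # No explicit freshness information: a cache may apply heuristics.
    return False
```

A response carrying only `Pragma: no-cache` falls through to the last line, because that header is defined for requests and gives caches no freshness information in a response.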



