Date: Tue, 21 Jun 2005 23:13:52 +0100
From: Ceri Davies
To: Martin Cracauer
Cc: freebsd-hackers@FreeBSD.org, bugbusters@FreeBSD.org
Subject: Re: Serious braindamage in the send-pr web interface
Message-ID: <20050621221352.GE14221@submonkey.net>
In-Reply-To: <20050621155202.A99219@cons.org>

On Tue, Jun 21, 2005 at 03:52:02PM -0400, Martin Cracauer wrote:
> The security code of the web interface seems to really screw people
> over (the image displaying a text that you have to enter).
>
> It goes like this:
> - open web page
> - enter PR
> - enter security code but get anything wrong (case is sufficient)
>
> You get an error complaining about the security code.
>
> Press back. Your carefully edited PR is still there. Good.
>
> However, it displays the same image and the same security code as
> before, although send-pr seems to have generated a new one internally.
> The new code is not displayed, however, since there is no expire
> header on the old one and you just hit the "back" button.
>
> So it displays the old code to the user while it already expects a new
> one.
>
> So it rejects everything that comes out of the sequence "back button"
> and resubmitting, no matter how often you do it. It never displays
> its currently expected code in an image in the user's browser, it
> reuses the first image every time.
>
> If you figure that this is the problem you press reload - and your PR
> is gone :-/
>
> I think this might be fixable as easy as setting an expire header on
> the image.

It has Pragma: no-cache and a dummy '?' in the URL. What does an "expire
header" that expires immediately look like?

> Also, it shouldn't be all-uppercase and case sensitive, that is
> pointless.

Point taken; I actually remember committing lowercase letters.
Interesting that it never really happened...

Ceri

PS www issues go to www@, not hackers@.

-- 
Only two things are infinite, the universe and human stupidity, and I'm not
sure about the former.                    -- Einstein (attrib.)
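
On the question of what an immediately expiring header looks like, the following is an added example, not part of the original message and not the send-pr code. The handler name `captcha_image_app`, the helper names and the `FAKE_PNG` bytes are hypothetical; it sets `Expires` equal to `Date` alongside `Cache-Control`, and compares the typed code case-insensitively as the thread suggests.

```python
"""Added example: serve a challenge image that caches treat as already expired."""
import hmac
from email.utils import formatdate
from wsgiref.util import setup_testing_defaults

# Constructed placeholder for real image bytes (the 8-byte PNG signature).
FAKE_PNG = b"\x89PNG\r\n\x1a\n"


def no_cache_headers(now=None):
    """Headers that mark a response as already expired and not storable."""
    stamp = formatdate(timeval=now, usegmt=True)  # HTTP-date, always GMT
    return [
        ("Date", stamp),
        # Expires equal to Date (or an invalid value such as "0") tells
        # HTTP/1.0 and HTTP/1.1 caches the response is stale on arrival.
        ("Expires", stamp),
        # In HTTP/1.1 caches, Cache-Control takes precedence over Expires.
        ("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"),
        ("Pragma", "no-cache"),  # HTTP/1.0 fallback, already sent per the thread
    ]


def captcha_image_app(environ, start_response):
    """Hypothetical WSGI handler for the challenge image."""
    headers = [("Content-Type", "image/png"),
               ("Content-Length", str(len(FAKE_PNG)))]
    start_response("200 OK", headers + no_cache_headers())
    return [FAKE_PNG]


def code_matches(expected, submitted):
    """Case-insensitive, constant-time comparison of the typed code."""
    a = expected.strip().lower().encode("utf-8")
    b = submitted.strip().lower().encode("utf-8")
    return hmac.compare_digest(a, b)


def fetch_headers(app):
    """Call the WSGI app once; return (status, headers dict, body)."""
    environ = {}
    setup_testing_defaults(environ)
    seen = {}

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

HTTP does not require history navigation (the "back" button) to honour freshness rules, so these headers reduce the stale-image case but do not guarantee a refetch in every browser.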