Ticket #173 (new defect)

Opened 3 years ago

Last modified 2 years ago

GET can be dangerous

Reported by: me@pixelcort.com
Assigned to: developer
Priority: high
Milestone:
Component: Instiki
Version: 0.10.0
Severity: major
Keywords:
Cc:

Description

Some URLs when used with the GET command make changes to Instiki. For example /wiki/save/ URLs.

All things that modify Instiki should use POST and not work with GET.
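
One way to enforce the rule in the description, as an added example that is not part of the ticket or Instiki's own code: a Rack-style guard that answers 405 to any non-POST request for a modifying action. The `/<web>/<action>/<page>` URL layout, the action names other than `save`, and the stand-in application are assumptions.

```ruby
# Added example, not Instiki code: Rack-style middleware that refuses
# state-changing actions unless the request method is POST.
class UnsafeMethodGuard
  # "save" comes from the ticket (/wiki/save/ URLs); "delete" and "rollback"
  # are hypothetical placeholders for other modifying actions.
  MUTATING_ACTIONS = %w[save delete rollback].freeze

  def initialize(app, actions: MUTATING_ACTIONS)
    @app = app
    @actions = actions
  end

  def call(env)
    method = env["REQUEST_METHOD"].to_s.upcase
    if mutating?(env["PATH_INFO"].to_s) && method != "POST"
      body = "Method Not Allowed: use POST\n"
      # 405 plus an Allow header tells well-behaved clients what is accepted.
      return [405,
              { "Content-Type" => "text/plain", "Allow" => "POST",
                "Content-Length" => body.bytesize.to_s },
              [body]]
    end
    @app.call(env)
  end

  private

  # Assumed URL layout: /<web>/<action>/<page>, e.g. /wiki/save/HomePage.
  def mutating?(path)
    segments = path.split("/").reject(&:empty?)
    @actions.include?(segments[1].to_s.downcase)
  end
end

# Constructed stand-in for the wiki application: records requests that reach it.
REACHED = []
WIKI_APP = lambda do |env|
  REACHED << [env["REQUEST_METHOD"], env["PATH_INFO"]]
  [200, { "Content-Type" => "text/plain" }, ["ok\n"]]
end

GUARDED = UnsafeMethodGuard.new(WIKI_APP)

# Helper for trying the guard with a minimal constructed Rack env.
def request(method, path)
  GUARDED.call("REQUEST_METHOD" => method, "PATH_INFO" => path)
end
```

A crawler following a plain link to a save URL gets the 405 and the request never reaches the application; the same path sent with POST passes through unchanged.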

Change History

05/24/05 05:51:55 changed by anonymous

Please don't put buttons all over the place. GET is fine, Google will learn.

06/30/05 16:17:42 changed by Joseph S Huang <JosephSHuang@gmail.com>

How exactly will Google "learn"? They will develop an uber server sniffer that can tell if a GET link is dangerous? Just plain absurd.


12/07/05 07:22:54 changed by anonymous

<blockquote>Please don't put buttons all over the place. GET is fine, Google will learn.</blockquote>

You don't need a button to do a POST action; you can post from just a plain text link. Of course that needs JS, but for those who have it they get the text, for those that don't they get a button. Google before you speak.

Also, as Joseph points out, Google can't know the result of its action _before_ it does it, and even then it doesn't really know the result. As good as Google is, I don't think it is currently AI.

And as a final addition, the HTTP spec says you should not have GET make changes; that's why we have POST, GET, DELETE et al.
