Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-11856

Remove attachment action submitted via GET rather than POST

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Medium Medium
    • None
    • 2.8
    • None

      202.47.1.18 - - [19/May/2008:01:19:00 -0500] "GET /pages/removeattachment.action?pageId=685540383&fileName=kermit.jpg&version=1 HTTP/1.1" 200 3603 ...
      

      Kiddies, do you know what happens to bad webapps that use GETs to submit "delete" operations rather than POSTs?

      In the night the Big Bad Googlebot comes along clicking every link, ignores the "Do you really want to delete?" Javascript, and deletes every attachment on the page.

            Unassigned Unassigned
            7ee5c68a815f Jeff Turner
            Votes:
            1 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: