Remove remaining session tokens from urls into forms
Bug #714967 reported by
Richard Mansfield
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Fix Released
|
Medium
|
Richard Mansfield | ||
Bug Description
Mahara still submits the session key in urls in a few places. These should be turned into forms which submit the sesskey using POST.
Revision history for this message
| François Marier (fmarier) wrote | #1 |
| Changed in mahara: | |
| assignee: | nobody → Richard Mansfield (richard-mansfield) |
| Changed in mahara: | |
| status: | Confirmed → In Progress |
| Changed in mahara: | |
| status: | In Progress → Fix Committed |
| Changed in mahara: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Also, some places (the help popups) use the session key whereas they should just be anonymous and public GET requests. (There is no need to pass login credentials there.)