Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Removed action attribute from login form #7433

Merged
merged 1 commit into from Mar 16, 2015
Merged

Removed action attribute from login form #7433

merged 1 commit into from Mar 16, 2015

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Mar 14, 2015

See #7432

Removed the action attribute from the login form. Without the attribute the browser will automatically use the current url. That also includes the hash, which we do not have available on server side.

It's quite a simple change. But I'm not sure if it opens up the form to any security attack.

…owser to use the current url (including the hash)
@sgiehl sgiehl added the Needs Review PRs that need a code review label Mar 14, 2015
@mattab mattab added this to the Piwik 2.12.0 milestone Mar 16, 2015
mattab pushed a commit that referenced this pull request Mar 16, 2015
Removed action attribute from login form
@mattab mattab merged commit ccddd80 into master Mar 16, 2015
@mattab
Copy link
Member

mattab commented Mar 16, 2015

it works, didn't know about this trick 👍

@mnapoli mnapoli deleted the 7432 branch March 16, 2015 05:02
@mattab mattab added the not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. label Mar 16, 2015
@mattab
Copy link
Member

mattab commented Mar 16, 2015

(fyi: added not-in-changelog label to PR so we don't get two entries in changelog for the one issue)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Needs Review PRs that need a code review not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants