I strongly disagree Dr. Anderson. >This would introduce a cross-site scripting vulnerability.
The project site either has the latest web php code or it doesn't. The is no vulnerability, its just a link to join_team.php&teamid=xxxxx when the user is not logged in. Where is the flaw? People can at least see the join button on my team page, its big enough anyway; http://setiathome.berkeley.edu/team_display.php?teamid=127961 . And you don't have to logged in to see the giant button. This does not cause any conflict in any code. The stats links, currently three and likely to grow in the coming years, have a higher promenence on the team page than the link to join the team. Thats not right! John. On Fri, Jul 31, 2009 at 11:53 PM, David Anderson <da...@ssl.berkeley.edu>wrote: > John 37309 wrote: > >> I only just noticed a few minutes ago that if you are logged out of a >> project, the link to join a team does not appear on the team page of a >> project any more, don't really know how long its been like that. Can this >> be >> fixed please so the "Join team" link is always there, logged in or not? >> I'm >> always logged in so thats why i did not notice until now. >> > > This would introduce a cross-site scripting vulnerability. > >> >> Secondly, there are currently 3 links on every team page called >> "Cross-project stats", i'm sure this will grow in time. While these links >> do >> have value, they are a distraction for some new member who is not familiar >> with boinc, and might want to join that team. Can these links be moved off >> the team page and replaced with a single link called "Stats for this team" >> that leads somewhere else, anywhere else? >> >> Thirdly, when replacing the "Cross-project stats" links with the single >> link >> called "Stats for this team", can the link be demoted down the page. >> Currently the links are up in the middle of the team description. Please >> move them down the team page, to the very bottom. >> > > These links aren't in the team description; > they're right below the team's credit totals for this project. > I think it's important to have cross-project stats nearby. > _______________________________________________ boinc_dev mailing list boinc_dev@ssl.berkeley.edu http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
