> Looking at the code, it doesn't appear to check that > request.env["HTTP_REFERER"] isn't also the current page, which could > result in an infinite loop (I've triggered one before using > request.env["HTTP_REFERER"] directly). Should that be considered a > bug or just something to keep in mind when coding?
:back should be considered a 5-letter version of request.env["HTTP_REFERER"] -- nothing more. And it's only there because request.env["HTTP_REFERER"] is hard to remember in the first place. Any additional logic, including safety features, should be delegated to a more advanced plugin for it. -- David Heinemeier Hansson http://www.loudthinking.com -- Broadcasting Brain http://www.basecamphq.com -- Online project management http://www.backpackit.com -- Personal information manager http://www.rubyonrails.com -- Web-application framework _______________________________________________ Rails-core mailing list Rails-core@lists.rubyonrails.org http://lists.rubyonrails.org/mailman/listinfo/rails-core
