Aristotle Pagaltzis wrote:
img src=http://yourapp.example.org/addressbook/delete/all;
into a page they control and then send a link to that page to
your users. If you allow destructive actions on GET, you have
just allowed for your users to be screwed over through no fault
of their own.
* Carl Johnstone catal...@fadetoblack.me.uk [2009-01-22 12:55]:
Aristotle Pagaltzis wrote:
img src=http://yourapp.example.org/addressbook/delete/all;
into a page they control and then send a link to that page to
your users. If you allow destructive actions on GET, you have
just
* Jesse Sheidlower jes...@panix.com [2009-01-21 15:55]:
What I typically do is have two separate actions, a delete
and a do_delete. The delete action merely displays the
record and has a form (link, whatever) asking Are you sure?,
and then if they agree, you perform the do_delete that does
