Lennart Regebro wrote:
> From: "Oliver Bleutgen" <[EMAIL PROTECTED]>
>
>>I was thinking more of something like adding the checks individually to
>>each method in stock zope for which it is appropriate.
>>
>>Brian is of course right in his other mail by stating that this might
>>and will break custom products which use the wrong method, but I
>>wouldn't call a global s/method='GET'/method='POST'/g ( SCNR ;-) ) a
>>code audit. It might be also made customizable via a command line switch
>>to z2.py in the beginning, with default to off.
>>
>
> This would be a huge task. My gut feeling is that it is a lot of work for
> very little benefit, although I don't really have any arguments to back that
> up with.

Would it really be a huge task? Wouldn't we just have to find all
methods which are callable through the web and add two maybe three
identical lines of code right at the beginning?

Something like (sorry for the wrapping)

    if REQUEST and REQUEST.has_key('REQUEST_METHOD') and REQUEST['REQUEST_METHOD'] != 'POST':
        raise APPROPRIATE_ERROR, "Appropriate message"

cheers,
oliver
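
The check sketched in the message above, written once as a decorator instead of being pasted into each method, with the "default to off" switch from the quoted text. This is an added example, not code from the thread or from Zope: the names require_post, MethodNotAllowed, SETTINGS, Folder and try_delete are hypothetical, the request is a plain dict, and REQUEST is assumed to be passed by keyword.

```python
import functools

# Hypothetical error type; the post leaves it as APPROPRIATE_ERROR.
class MethodNotAllowed(Exception):
    pass

# Mirrors the "switch, default off" idea from the quoted text.
SETTINGS = {"enforce_post": False}

def require_post(func):
    """Reject web calls to func unless they arrive via POST.

    Direct Python calls (no REQUEST passed) are left alone, matching
    the `if REQUEST and ...` guard in the post.
    """
    @functools.wraps(func)
    def wrapper(self, *args, **kwargs):
        # Assumption: the publisher hands REQUEST over as a keyword.
        request = kwargs.get("REQUEST")
        if SETTINGS["enforce_post"] and request and "REQUEST_METHOD" in request:
            if request["REQUEST_METHOD"] != "POST":
                raise MethodNotAllowed(
                    "%s must be called with POST" % func.__name__)
        return func(self, *args, **kwargs)
    return wrapper

class Folder:
    """Constructed stand-in for an object with web-callable methods."""
    def __init__(self):
        self.items = {"a": 1, "b": 2}

    @require_post
    def delete_item(self, name, REQUEST=None):
        # State-changing method: the kind that should not answer to GET.
        return self.items.pop(name, None)

def try_delete(folder, name, http_method):
    """Simulate a web call; return 'ok' or 'rejected'."""
    request = {"REQUEST_METHOD": http_method}  # constructed request mapping
    try:
        folder.delete_item(name, REQUEST=request)
        return "ok"
    except MethodNotAllowed:
        return "rejected"
```

With the switch off, existing callers that still use GET keep working, which is the compatibility concern raised in the quoted text; turning it on rejects them before the method body runs.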