I agree. A little bit of a problem is that both Zope 2 Book and the ZMI
do not seem to agree. I guess was/is not the practice that Zope 2
developers endorsed/followed. But "Zope2 is beyond help" (C) Chris M.,
(taken out of context by me :-))
Florent Guillaume wrote:
Michael Vartanyan wrote:
I guess changing the form method to GET is not going to be liked by
browsers that put additional restrictions on URL length. So I would
propose to introduce a basic request sanity check in the
manage_changePermissions itself. I cannot think of any use for
resetting all permissions and acquisition for everyone, so the
easiest way to do that is to simply check that at least something
exists in the form:
Actually the proper way to do it, and for exactly the reasons you
outlined above, is to always do a redirect to a "result page" url
after a POST that has side effects. It's even mandated by the
HTTP/HTML specs.
Florent
_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )