I agree. A little bit of a problem is that both Zope 2 Book and the ZMI do not seem to agree. I guess was/is not the practice that Zope 2 developers endorsed/followed. But "Zope2 is beyond help" (C) Chris M., (taken out of context by me :-))

Florent Guillaume wrote:

Michael Vartanyan wrote:

I guess changing the form method to GET is not going to be liked by browsers that put additional restrictions on URL length. So I would propose to introduce a basic request sanity check in the manage_changePermissions itself. I cannot think of any use for resetting all permissions and acquisition for everyone, so the easiest way to do that is to simply check that at least something exists in the form:

Actually the proper way to do it, and for exactly the reasons you outlined above, is to always do a redirect to a "result page" url after a POST that has side effects. It's even mandated by the HTTP/HTML specs.


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to