From: Dan Untenzu Date: Wed, 18 Jan 2017 18:00:44 +0000 (+0100) Subject: [FEATURE] Installer: Remove (unknown) form target URL X-Git-Tag: 3.0.0~26 X-Git-Url: https://git.p6c8.net/jirafeau.git/commitdiff_plain/50f88df47f6d5b3cb5dc20fb2e9d3022862adbcf?hp=c147db2590b6add287eac571b1ce751be734b2ea [FEATURE] Installer: Remove (unknown) form target URL The domain on which Jirafeau is running, is not yet defined while installing the project. In order to build valid action links for the form, the script generated a possible URL using the request header. This method may fail for proxies or while using HTTPS or due to spoofing or… In HTML5 we can safely omnit the action attribute (see http://stackoverflow.com/a/9678030), which will cause the browser to send the request to the exact same URL again. This way we can avoid the URL guessing during the installation. Refs #79 --- diff --git a/install.php b/install.php index 2d7afd9..fbd3667 100644 --- a/install.php +++ b/install.php @@ -206,8 +206,7 @@ case 1: default: ?>

" method = "post">

" method = "post">

" method = "post">

" method = "post">

'.$err['why'].'
'.NL; - ?>