From 50f88df47f6d5b3cb5dc20fb2e9d3022862adbcf Mon Sep 17 00:00:00 2001
From: Dan Untenzu
Date: Wed, 18 Jan 2017 19:00:44 +0100
Subject: [PATCH 1/1] [FEATURE] Installer: Remove (unknown) form target URL
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The domain on which Jirafeau is running is not yet defined while installing the project. In order to build valid action links for the form, the script generated a possible URL using the request header. This method may fail for proxies or while using HTTPS or due to spoofing or…

In HTML5 we can safely omit the action attribute (see http://stackoverflow.com/a/9678030), which will cause the browser to send the request to the exact same URL again. This way we can avoid the URL guessing during the installation.

Refs #79

--- install.php | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/install.php b/install.php index 2d7afd9..fbd3667 100644 --- a/install.php +++ b/install.php @@ -206,8 +206,7 @@ case 1: default: ?>

" method = "post">

" method = "post">

" method = "post">

" method = "post">

'.$err['why'].'
'.NL; - ?>
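
Review bot: with the action attribute dropped from the four `method = "post"` forms, each POST goes back to whatever URL the installer page was loaded from, query string included, so the step handling in install.php should take its state only from the posted fields and not from anything carried in the URL. The same region concatenates `$err['why']` into the page output; if that string can ever contain request-derived text, it should pass through `htmlspecialchars()` before being echoed. The commit message would also be easier to verify if it cited the HTML5 form-submission rules rather than a Stack Overflow answer.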