Changes between Initial Version and Version 1 of Ticket #28798, comment 6
- Timestamp:
- 10/15/2021 01:25:45 PM (3 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #28798, comment 6
initial v1 3 3 Today i found this one, i wanted to comment the suggestion above, as it's pretty old. 4 4 5 For everybody trying to do this: do not do it. Reset/login functions can be overriden with POST, so if you allow action=postpass , you also allow everything else. Maybe it was possible in the past but now it is not.5 For everybody trying to do this: do not do it. Reset/login functions can be called by overriding action with POST, so if you allow action=postpass , you also allow everything else. Maybe it was possible in the past but now it is not. 6 6 7 7 I really think both pages should be separated..