I'd go with a guideline of if a form gets submitted through POST then it should in most cases have keepalive since that form should have a CSRF check behind it (forms like a create item form, edit form, login form, contact form, etc.), and if it gets submitted through GET it doesn't need a keepalive behavior because these types of forms should essentially be nothing more than query filters for a page. I say this also realizing the backend views are in kind of a FUBAR state because the search filters trigger a POST form submission, and it looks like the frontend com_content.archive view has the same "issue" which means Joomla isn't always using the appropriate HTTP action to do things sadly.
This PR is a result of checking all admin edit.php files and checking that if they have a form submitted through POST they have a behavior.keepalive and a form.token.
Partial Pull Request for Issue #25634.
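The check described above, as an added example that is not part of the original PR or Joomla's own tooling: a Python sketch that walks a tree of `edit.php` layouts and reports POST forms lacking `behavior.keepalive` or `form.token`. The regexes, the function names and the sample layouts are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed textual patterns; a layout may express the same thing differently.
POST_FORM = re.compile(r"<form\b[^>]*\bmethod\s*=\s*['\"]post['\"]", re.I)
KEEPALIVE = re.compile(r"_\(\s*['\"]behavior\.keepalive['\"]")
FORM_TOKEN = re.compile(r"_\(\s*['\"]form\.token['\"]")
# Constructed sample layouts (not real Joomla files).
SAMPLES = {
    "com_a/tmpl/edit.php": "<?php JHtml::_('behavior.keepalive'); ?>\n"
    '<form method="post">' "<?php echo JHtml::_('form.token'); ?></form>",
    "com_b/tmpl/edit.php": '<form method="post">'
    "<?php echo JHtml::_('form.token'); ?></form>",
    "com_c/tmpl/edit.php": '<form method="get"><input name="filter"></form>',
}


def audit_layout(source):
    """Return the helpers a layout with a POST form is missing."""
    if not POST_FORM.search(source):
        return []  # GET filter forms are out of scope for this check
    checks = (("behavior.keepalive", KEEPALIVE), ("form.token", FORM_TOKEN))
    return [name for name, rx in checks if not rx.search(source)]


def audit_tree(root):
    """Map each edit.php under root to its missing helpers (findings only)."""
    findings = {}
    for path in sorted(Path(root).rglob("edit.php")):
        missing = audit_layout(path.read_text(encoding="utf-8", errors="replace"))
        if missing:
            findings[path.relative_to(root).as_posix()] = missing
    return findings


def run_demo():
    """Write the constructed samples to a temp tree and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True)
            target.write_text(body, encoding="utf-8")
        return audit_tree(tmp)


if __name__ == "__main__":
    for name, missing in run_demo().items():
        print(name, "missing:", ", ".join(missing))
```

The match is purely textual, so a token rendered from an included sub-layout or a file with several forms still needs a manual look.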
Status | New | ⇒ | Pending |
Category | ⇒ | Administration com_banners com_languages com_menus com_users |
Status | Pending | ⇒ | Fixed in Code Base |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-07-18 22:16:49 |
Closed_By | ⇒ | wilsonge |
Labels | Added: ? |
Thanks. Now if someone can answer the validation question I will be happy.
Which validation question, sorry? Missing something?
Thanks!