do not use links but POST form to change SSL settings. Proper web apps should never change data with GET requests

This commit is contained in:
Christian Weiske 2011-05-11 06:44:49 +02:00
parent c13689813e
commit 9d91f1bee1

View file

@ -13,7 +13,13 @@
<tbody> <tbody>
<?php foreach($sslClientCerts as $cert) { ?> <?php foreach($sslClientCerts as $cert) { ?>
<tr <?php if ($cert->isCurrent()) { echo 'class="ssl-current"'; } ?>> <tr <?php if ($cert->isCurrent()) { echo 'class="ssl-current"'; } ?>>
<td><a href="#FIXME">delete</a></td> <td>
<form method="post" action="#FIXME">
<button type="submit" name="action" value="deleteClientCert">
<?php echo T_('delete'); ?>
</button>
</form>
</td>
<td><?php echo htmlspecialchars($cert->sslSerial); ?></td> <td><?php echo htmlspecialchars($cert->sslSerial); ?></td>
<td><?php echo htmlspecialchars($cert->sslName); ?></td> <td><?php echo htmlspecialchars($cert->sslName); ?></td>
<td><?php echo htmlspecialchars($cert->sslEmail); ?></td> <td><?php echo htmlspecialchars($cert->sslEmail); ?></td>
@ -31,9 +37,11 @@
<p><?php echo T_('Your current certificate is already registered with your account.'); ?></p> <p><?php echo T_('Your current certificate is already registered with your account.'); ?></p>
<?php } else { ?> <?php } else { ?>
<p> <p>
<a href="#FIXME"> <form method="post" action="#FIXME">
<?php echo T_('Register current certificate to automatically login.'); ?> <button type="submit" name="action" value="registerCurrentCert">
</a> <?php echo T_('Register current certificate to automatically login.'); ?>
</button>
</form>
</p> </p>
<?php } ?> <?php } ?>
<?php } else { ?> <?php } else { ?>