http://qs1969.pair.com?node_id=917663


in reply to Problem Linking Within Perl Monks

I'm sure I'm not the first to think of this and I think I even fell for it on someone else's home node long ago.
And this was fixed a while ago, because if you can send a message (to a user or the chatterbox) just by a simple GET request, this is open to CSRF. Actually, before this was fixed you were able to put an image tag in your home node whose source was a link to sending a message, so it would have been called automatically when you visited the home node.
So it's good that this doesn't work anymore (although it's still not fully CSRF protected).

Why the prefilled form requires editing the fields I don't know; it might also be a kind of protection, but it makes the msg link kind of useless.
Update: The prefilled form requires to edit the text field only (not the recipient, like I first thought when looking at the HTML source), and this is probably meant as a protection, so that people really look at the prefilled text before sending it.

Re^2: Problem Linking Within Perl Monks
by koolgirl (Hermit) on Jul 31, 2011 at 01:29 UTC

    Ah, ok yeah I was just goofin' around having some experimental linkage fun, but I guess that could be a sticky subject...ok, well can someone out there please pick up a piece of chalk and mark another $#&! up by embarrass herself seventeen times a day on PM. Thanks.

    P.S. Why is it that I'm always either way over thinking something, or way under thinking something....

      Why is it that I'm always either way over thinking something, or way under thinking something....

      Occupational hazard for programmers.

      HTH,

      planetscape