Modify ↓
Opened 4 years ago
Closed 4 years ago
#13348 closed defect (fixed)
Pref panel on roadmap page adds __FORM_TOKEN to GET request
| Reported by: | Cinc-th | Owned by: | Ryan J Ollos |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.4.3 |
| Component: | roadmap | Version: | 1.4.2 |
| Severity: | normal | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: |
Removed unneeded form token from Roadmap preferences panel. |
||
| API Changes: | |||
| Internal Changes: | |||
Description
When changing the preferences on the roadmap page (e.g. Show completed milestones) and clicking Update a new GET request is sent to Trac.
The GET request has __FORM_TOKEN added as a parameter. This can be seen on this running instance of Trac, too. IMHO the token shouldn't be added for a GET request.
The template where this happens is:
trunk/trac/ticket/templates/roadmap.html@17500:29#L27
Tested with Trac 1.4.2.
Attachments (0)
Change History (3)
comment:1 by , 4 years ago
| Milestone: | → 1.4.3 |
|---|
comment:2 by , 4 years ago
| Owner: | set to |
|---|---|
| Release Notes: | modified (diff) |
| Status: | new → assigned |
So we just need to remove the one line?
-
trac/ticket/templates/roadmap.html
diff --git a/trac/ticket/templates/roadmap.html b/trac/ticket/templates/roadmap.html index fd54e49783..ce6614cd39 100644
a b 26 26 27 27 <form id="prefs" method="get" action="#"> 28 28 <div> 29 ${jmacros.form_token_input()}30 29 <input type="checkbox" id="showcompleted" name="show" 31 30 value="completed"${ 32 31 {'checked': 'completed' in show}|htmlattr}/>
comment:3 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
That makes sense.
Confirmed trac/ticket/templates/roadmap.html only has the issue (both 1.4 and trunk).