[dev] [patch] Giapeto continuation links
Chuck Hagenbuch
chuck at horde.org
Sun Jan 30 19:20:11 PST 2005
Quoting Roel Gloudemans <roel at gloudemans.info>:
> In my opninion this is unwanted behavoir. I've added a patch that will:
> 1) Not exit if the hostname does not exist
> 2) Does not show the security warning if the hostname does not exist.
This is not the right way to go about this; it would open up holes.
> Another solution might be to totally pass go.php when linking
> directly to pages on the own site. (Why is that security warning
> there anyway? It would make sense to me when switching from https to
> http to me)
It is there to combat malicious urls being put into HTML emails sent to Horde
users, etc. The solution here is that Giapeto shouldn't be using
Horde::externalUrl() to link to the same server.
-chuck
--
"But she goes not abroad in search of monsters to destroy." - John
Quincy Adams
More information about the dev
mailing list