[dev] [cvs] commit: ansel xrequest.php

[Chuck Hagenbuch]

Quoting Michael Rubinsky <mike at theupstairsroom.com>:

>   Log:
>   Guess we should also check perms here again in case someone tries  
> to pass info directly to the xrequest.php script.

Yes, definitely. It's worth emphasizing that we _always_ need to check  
permissions on anything that's requestable, even if it's not a  
"normal" flow to type it in or even if you can only do it with a form  
POST.

-chuck