Ticket #12447 (confirmed Bug)

Opened 4 years ago

Last modified 3 years ago

content state changes are exposed as a link in the green bar "State: [current state]" menu causing a GET request with side effects

Reported by: arterrey Owned by:
Priority: major Milestone: 4.x
Component: General Version: 4.1
Keywords: Cc:

Description

GET should not have side effects, this should be POST request. This would also fix #11970

Otherwise, things like an internal crawler crawling to content_status_modify?workflow_action=retract object could accidentally unpublish your front page. Or, probably more relivatne, some browsers have extensions (or directly implement) pre-rendering of pages you might click on - this shouldn't be a link that could be a candidate for that kind of feature.

Change History

comment:1 Changed 4 years ago by kleist

  • Status changed from new to confirmed
  • Version set to 4.1
  • Component changed from Unknown to General
  • Milestone set to 4.x

comment:2 Changed 3 years ago by kleist

see also #11970

Note: See TracTickets for help on using tickets.