diff options
author | Christian Weiske <cweiske@cweiske.de> | 2011-05-11 06:44:49 +0200 |
---|---|---|
committer | Christian Weiske <cweiske@cweiske.de> | 2011-05-11 06:44:49 +0200 |
commit | 9d91f1bee197f8f23547eb81080f2fff22cb49db (patch) | |
tree | 1cd47548d44d0047c852a958c47e2dbaf9b35dbc /data | |
parent | c13689813e71413f3c98664568c47c167c00580a (diff) | |
download | semanticscuttle-9d91f1bee197f8f23547eb81080f2fff22cb49db.tar.gz semanticscuttle-9d91f1bee197f8f23547eb81080f2fff22cb49db.tar.bz2 |
do not use links but POST form to change SSL settings. Proper web apps should never change data with GET requests
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/editprofile-sslclientcerts.tpl.php | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/data/templates/editprofile-sslclientcerts.tpl.php b/data/templates/editprofile-sslclientcerts.tpl.php index c43def4..246fb73 100644 --- a/data/templates/editprofile-sslclientcerts.tpl.php +++ b/data/templates/editprofile-sslclientcerts.tpl.php @@ -13,7 +13,13 @@ <tbody> <?php foreach($sslClientCerts as $cert) { ?> <tr <?php if ($cert->isCurrent()) { echo 'class="ssl-current"'; } ?>> - <td><a href="#FIXME">delete</a></td> + <td> + <form method="post" action="#FIXME"> + <button type="submit" name="action" value="deleteClientCert"> + <?php echo T_('delete'); ?> + </button> + </form> + </td> <td><?php echo htmlspecialchars($cert->sslSerial); ?></td> <td><?php echo htmlspecialchars($cert->sslName); ?></td> <td><?php echo htmlspecialchars($cert->sslEmail); ?></td> @@ -31,9 +37,11 @@ <p><?php echo T_('Your current certificate is already registered with your account.'); ?></p> <?php } else { ?> <p> - <a href="#FIXME"> - <?php echo T_('Register current certificate to automatically login.'); ?> - </a> + <form method="post" action="#FIXME"> + <button type="submit" name="action" value="registerCurrentCert"> + <?php echo T_('Register current certificate to automatically login.'); ?> + </button> + </form> </p> <?php } ?> <?php } else { ?> |