View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0020146 | mantisbt | plug-ins | public | 2015-09-28 11:56 | 2015-09-30 02:55 |
Reporter | cproensa | Assigned To | |||
Priority | low | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 1.3.0-beta.3 | ||||
Summary | 0020146: print_button with security token does not work for plugin pages | ||||
Description | When using the function print_button (print_api.php) internally, it uses the form action page to print the token field: when using plugin_page() to get an url, the base page is plugin.php, and plugin page is specified with GET parameter. | ||||
Steps To Reproduce | code used output | ||||
Additional Information | For this to work properly, print_button needs to know the form name used to create the token. Could be passed as an additional (optional) parameter | ||||
Tags | No tags attached. | ||||
A possible alternative could be to define a new API function plugin_print_button() |
|
that makes sense. however, the original issue still exists. Separating token creation, from token print in page, must carry both "token" string and "form_id" string against which is created (and validated). |
|
To be honest I have not thought this all the way through... You're probably right and this is a typical example of our aging API where the validation was added much later. |
|