0021610: Revert to multiple form security tokens per page - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0021610	mantisbt	bugtracker	public	2016-08-14 18:37	2016-08-28 01:12

Reporter	cproensa	Assigned To	cproensa
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	1.3.0
Target Version	1.3.1	Fixed in Version	1.3.1

Summary	0021610: Revert to multiple form security tokens per page
Description	Revert the logic introduced by fix for Issue 0020142, in which one single form security token is used for all action links. The side effect is that only one of those actions can be performed from the specific originating page. This is especially a drawback when the actions are links that can be open in new browsers tabs. Reverting to separate tokens allows to perform all the actions without having to reload the originating page. Note, the original performance issue was solved at the session layer with 8092c3d.
Tags	No tags attached.

cproensa 2016-08-14 18:38 developer ~0053799 Last edited: 2016-08-14 18:39	At first i'd go for actions that are presented as links (instead of buttons) Eg: attachment delete links: 0020142 But probably, actions presented as buttons (eg: bugnote delete) shuold also be reverted to previous capabilities.

cproensa 2016-08-14 19:02 developer ~0053800	PR: https://github.com/mantisbt/mantisbt/pull/848

MantisBT: master-1.3.x f160663f 2016-08-14 14:25 cproensa Committer: vboctor Details Diff	Revert multiple tokens for attachement delete links Revert the logic introduced by fix for Issue 0020142, in which one single form security token is used for all action links. The side effect is that only one of those actions can be performed from the specific originating page. This is especially a drawback when the actions are links that can be open in new browsers tabs. Reverting to separate tokens allows to perform all the actions without having to reload the originating page. Note, the original performance issue was solved at the session layer with 8092c3d. Fixes: 0021610	Affected Issues 0020142, 0021610
	mod - core/print_api.php	Diff File
MantisBT: master-1.3.x 77db0389 2016-08-14 14:54 cproensa Committer: vboctor Details Diff	Use multiple tokens for bug revision page As discussed in 0021610, actions presented as links should generate separate form security tokens. This commit fixes the drop revision links for bug_revision_view_page Fixes: 0021610	Affected Issues 0021610
	mod - bug_revision_view_page.php	Diff File