Comments on itarato: Drupal module challenge

Anonymous, 2013-02-19T14:13:34.431-08:00:
Hi Laszlo,
Oops, you're very right, thank you very much! I guess you're referring to the URL tokens: http://api.drupal.org/api/drupal/includes%21common.inc/function/drupal_valid_token/7, right?
Thanks :)

CSÉCSY László (http://csecsy.hu), 2013-02-18T12:44:02.943-08:00:
I can see only one drawback at this time of the night: your solution seems to have a CSRF in it: it changes the DB without checking if there was a proper link displayed at all (hiding this behind a permission check is not enough). I would add a token to that link to get rid of this attack vector, and check the validity of this token before changing the DB.

Anonymous, 2013-01-14T09:18:34.450-08:00:
Hi Mike :) Thanks so much. I really like the initiative. It lets you compare your solution to other talented developers' work. For me and most probably for others it's really valuable.
I'll definitely be doing some in the future too :)
Peter

Mike Kadin (http://moduleoff.com), 2013-01-14T07:34:40.038-08:00:
Peter,

Thanks so much for your submission. Your submission was solid and definitely above a lot of the other competitors. We hope you'll come back for future challenges!

Mike Kadin
The Module Off