Item1469: You cannot verify registration by clicking as instructed on…

… the link in the email after the register blocks GET Earlier I reverted the complete block of GET with script register. I have now re-applied the block but excepted the method verify. This way all is blocked except the verification of registration via email link. That open entry should be harmless. I added a new string in the messages. Since it is a geek error message normal people should never see it does no harm. We already have similar error messag$ I added the new string to all the locale files. And I translated those I could myself or with help from people available. git-svn-id: http://svn.foswiki.org/branches/Release01x00@3562 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Apr 19, 2009 · beeb2d8 · beeb2d8
1 parent d38134d
commit beeb2d8
Show file tree

Hide file tree

Showing 24 changed files with 103 additions and 3 deletions.
diff --git a/core/data/System/CommandAndCGIScripts.txt b/core/data/System/CommandAndCGIScripts.txt
@@ -190,6 +190,8 @@ TODO:
 | *Parameter* | *Description* | *Default* |
 | =action= | =register= or =verify= or =resetPassword= or =approve= | |
 
+*%X% Note:* The =register= script can only be called via the HTTP POST method except when the action is =verify=. Make sure you specify =method="post"= if you call the =register= script via a form action. It is not possible to call =register= from an =&lt;A href= link. The =verify= action is an exception as it is used to verify registration by clicking a href link from an email.
+
 ---+++ =rename=
 Used for renaming webs, topics and attachments.
 

diff --git a/core/lib/Foswiki/UI.pm b/core/lib/Foswiki/UI.pm
@@ -80,6 +80,8 @@ BEGIN {
         package => 'Foswiki::UI::Register',
         function => 'register_cgi',
         context => { register => 1 },
+        # method verify must allow GET; protect in Foswiki::UI::Register
+        #allow => { POST => 1 },
     };
     $Foswiki::cfg{SwitchBoard}{rename} = {
         package => 'Foswiki::UI::Manage',

diff --git a/core/lib/Foswiki/UI/Register.pm b/core/lib/Foswiki/UI/Register.pm
@@ -51,7 +51,19 @@ sub register_cgi {
 
     # NB. bulkRegister invoked from ManageCgiScript.
 
-    my $action = $session->{request}->param('action') || '';
+    my $query = $session->{request};
+    my $action = $query->param('action') || '';
+
+    if ( $action ne 'verify' && $query && $query->method() &&
+                                uc($query->method()) ne 'POST') {
+        throw Foswiki::OopsException(
+            'attention',
+            web   => $session->{webName},
+            topic => $session->{topicName},
+            def   => 'post_method_only',
+            params => [ 'upload' ]
+        );    
+    }
 
     if ( $action eq 'register' ) {
         if ( !$session->inContext('registration_supported') ) {

diff --git a/core/locale/Foswiki.pot b/core/locale/Foswiki.pot
@@ -1473,7 +1473,11 @@ msgstr ""
 msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr ""
 
-#: core/templates/messages.tmpl:423
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
+#: core/templates/messages.tmpl:424
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "
 "the topic, [[%1][cancel save]] to go to %2."

diff --git a/core/locale/bg.po b/core/locale/bg.po
@@ -1415,6 +1415,10 @@ msgstr "Ако имате въпроси, моля свържате се с %1."
 msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr "Ако не сте задали парола все още или желаете д я промените, отидете на  %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid "If you received a link to this topic in an e-mail or just want to look at the topic, [[%1][cancel save]] to go to %2."
 msgstr ""

diff --git a/core/locale/cs.po b/core/locale/cs.po
@@ -1631,6 +1631,10 @@ msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr ""
 "Pokud jste zatím nenastavil heslo nebo ho chcete znovu nastavit, jděte na: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/da.po b/core/locale/da.po
@@ -1617,6 +1617,10 @@ msgstr ""
 "Hvis du ikke har valgt et password endnu, eller du ønsker at nulstille det, "
 "så gå til: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr "Scriptet =%1= kan kun kaldes med metoden POST."
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/de.po b/core/locale/de.po
@@ -1635,6 +1635,10 @@ msgstr ""
 "Wenn Sie noch kein Passwort gewählt haben oder es zurücksetzen wollen gehen "
 "Sie nach: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr "Das =%1= Skript kann nur mit der POST Methode verwendet werden."
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/es.po b/core/locale/es.po
@@ -1620,6 +1620,10 @@ msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr ""
 "Si no ha configurado una contraseña aún o quiere reiniciarla, vaya a: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/fi.po b/core/locale/fi.po
@@ -1415,6 +1415,10 @@ msgstr "Kysymyksiisi vastaa %1."
 msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr ""
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid "If you received a link to this topic in an e-mail or just want to look at the topic, [[%1][cancel save]] to go to %2."
 msgstr ""

diff --git a/core/locale/fr.po b/core/locale/fr.po
@@ -1413,6 +1413,10 @@ msgstr "Si vous avez des questions, vous pouvez contacter %1."
 msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr "Si vous n'avez pas encore choisi de mot de passe, ou si vous souhaitez le réinitialisez, allez sur la page %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr "Le script =%1= peut être appelé seulement avec la méthode POST"
+
 #: ../core/templates/messages.tmpl:423
 msgid "If you received a link to this topic in an e-mail or just want to look at the topic, [[%1][cancel save]] to go to %2."
 msgstr "Si vous avez reçu un lien vers cette page par e-mail, ou si vous souhaitez seulement consulter cette page, cliquez sur [[%1][annuler l'enregistrement]] pour vous rendre sur %2."

diff --git a/core/locale/it.po b/core/locale/it.po
@@ -1620,6 +1620,10 @@ msgstr "Per qualsiasi richiesta contattare %1."
 msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr "Se non hai già definito una password o vuoi ridefinirla, vai a %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/ja.po b/core/locale/ja.po
@@ -1596,6 +1596,10 @@ msgstr ""
 "パスワードを設定していない場合、又はパスワードを変更したい場合は、 %1へ行って"
 "してください"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "
@@ -1710,7 +1714,7 @@ msgid ""
 "as spaces will automatically be removed."
 msgstr ""
 "新トピックを作成する時、<a target='WikiWord' class='twikiPopUp' href='%1' "
-"rel='nofollow'>WikiWord</a>を½¿用したほうがいいです。そうしないと、オートリン"
+"rel='nofollow'>WikiWord</a>を½¿用したほうがいいです。そうしないと、オーリン"
 "クの生成が無効になる可能性があります。他に、トピック名として認められないキャ"
 "ラクター、例えばスペースは自動的に削除されます。"
 

diff --git a/core/locale/nl.po b/core/locale/nl.po
@@ -1596,6 +1596,10 @@ msgstr ""
 "Als je nog geen wachtwoord hebt ingesteld, of als je het wachtwoord opnieuw "
 "wilt instellen, ga dan naar %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/no.po b/core/locale/no.po
@@ -1585,6 +1585,10 @@ msgstr "Dersom du harspørsmål vennlighst kontakt %1."
 msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr "Hvis du ikke har satt et passord enda eller vil endre det, gå til: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr "Skriptet =%1= kan kun kalles med metoden POST."
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/pl.po b/core/locale/pl.po
@@ -1637,6 +1637,10 @@ msgstr ""
 "Jeśli jeszcze nie podałeś hasła lub chcesz je zresetować, to przejdź na "
 "stronę: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/pt-br.po b/core/locale/pt-br.po
@@ -1592,6 +1592,10 @@ msgstr ""
 "Se você não tiver registrado uma senha ainda ou se quiser restaurá-la, vá "
 "para: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr "O script =%1= pode ser executado somente através do método POST"
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/pt.po b/core/locale/pt.po
@@ -1592,6 +1592,10 @@ msgstr ""
 "Se você não tiver registrado uma senha ainda ou se quiser restaurá-la, vá "
 "para: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/ru.po b/core/locale/ru.po
@@ -1663,6 +1663,10 @@ msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr ""
 "Если Вы не задали пароль или хотите его сбросить, перейдите по ссылке: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/sv.po b/core/locale/sv.po
@@ -1415,6 +1415,10 @@ msgstr "Kontakta %1 om du har frågor."
 msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr "Om du inte valt ett lösenord ännu eller vill nollställa det så gå till: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr "Skriptet =%1= kan endast kallas med metoden POST."
+
 #: core/templates/messages.tmpl:423
 msgid "If you received a link to this topic in an e-mail or just want to look at the topic, [[%1][cancel save]] to go to %2."
 msgstr "Om du mottog en länk till denna sida per e-post eller bara vill titta på sidan så  [[%1][avbryt sparandet]] och gå till %2."

diff --git a/core/locale/uk.po b/core/locale/uk.po
@@ -1625,6 +1625,10 @@ msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr ""
 "Якщо Ви не задали пароль або хочете його скинути, перейдіть за посиланням: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid ""
 "If you received a link to this topic in an e-mail or just want to look at "

diff --git a/core/locale/zh-cn.po b/core/locale/zh-cn.po
@@ -1368,6 +1368,10 @@ msgstr "任何问题，请联系 %1。"
 msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr "若您尚未设定密码，或想重设密码，请到: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid "If you received a link to this topic in an e-mail or just want to look at the topic, [[%1][cancel save]] to go to %2."
 msgstr "若您从收到的电子邮件连到这儿或只是浏览这个主题，请 [[%1][取消存档]] 并转到 %2。"

diff --git a/core/locale/zh-tw.po b/core/locale/zh-tw.po
@@ -1368,6 +1368,10 @@ msgstr "任何問題，請聯繫 %1。"
 msgid "If you haven't set a password yet or you want to reset it, go to: %1"
 msgstr "若您尚未設定密碼，或想重設密碼，請到: %1"
 
+#: core/templates/messages.tmpl:420
+msgid "The =%1= script can only be called with POST method."
+msgstr ""
+
 #: core/templates/messages.tmpl:423
 msgid "If you received a link to this topic in an e-mail or just want to look at the topic, [[%1][cancel save]] to go to %2."
 msgstr "若您從收到的電子郵件連到這兒或只是瀏覽這個主題，請 [[%1][取消存檔]] 並轉到 %2。"

diff --git a/core/templates/messages.tmpl b/core/templates/messages.tmpl
@@ -417,6 +417,10 @@
 (%MAKETEXT{"don't forget to check your Topic Settings"}%)
 %TMPL:END%
 
+%TMPL:DEF{post_method_only}%
+%MAKETEXT{"The =[_1]= script can only be called with POST method." args="%PARAM1%"}%
+%TMPL:END%
+
 %TMPL:DEF{bad_script_parameters}%
 %MAKETEXT{"Incorrect parameters to the =[_1]= script" args="%PARAM1%"}%