Item1469: You cannot verify registration by clicking as instructed on…

… the link in the email after the register blocks GET We were a bit fast also blocking register I would be very sad if a new user has to navigate back to foswiki and copy paste the verification code. If there are functions related to register that needs to be blocked then we have to do that but not for verify. I am removing the generic block on register script again. Also I cannot see a direct exploit in this. Anyone can register. They always could and they always should be able to unless registration is disabled. git-svn-id: http://svn.foswiki.org/branches/Release01x00@3559 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Apr 19, 2009 · d38134d · d38134d
1 parent 0f0a4ba
commit d38134d
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 3 deletions.
diff --git a/core/data/System/CommandAndCGIScripts.txt b/core/data/System/CommandAndCGIScripts.txt
@@ -190,8 +190,6 @@ TODO:
 | *Parameter* | *Description* | *Default* |
 | =action= | =register= or =verify= or =resetPassword= or =approve= | |
 
-*%X% Note:* The =register= script can only be called via the HTTP POST method. Make sure you specify =method="post"= if you call the =register= script via a form action. It is not possible to call =register= from an =&lt;A href= link.
-
 ---+++ =rename=
 Used for renaming webs, topics and attachments.
 

diff --git a/core/lib/Foswiki/UI.pm b/core/lib/Foswiki/UI.pm
@@ -80,7 +80,6 @@ BEGIN {
         package => 'Foswiki::UI::Register',
         function => 'register_cgi',
         context => { register => 1 },
-        allow => { POST => 1 },
     };
     $Foswiki::cfg{SwitchBoard}{rename} = {
         package => 'Foswiki::UI::Manage',