Hi Samuel, > Take a look at the attached file. If I'm logged in as an administrator > who can normally see and submit the /admin/users.html page, and I load > the attached file in my browser (with the server names in the source > code correct, of course), and I fill in the form and hit "Save changes", > will it add only that one user, or will it delete all other users?
snippet from Pootle/users.py: 362 for key, value in argdict.iteritems(): 363 if key.startswith("userremove-"): 364 usercode = key.replace("userremove-", "", 1) 365 if self.hasuser(users, usercode): 366 raise NotImplementedError("Can't remove users") Essentially this code would remove (if it would be implemented) only the users, which are passed via an "userremove-foo" variable. Thus submitting your almost empty user page would not do any harm. Someone please correct me, if I am wrong ... Anyway: good question! regards, Lars ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle