Sheesh. That *is* a doozy and I think you are right restricting the action to only accept POST should work. I'm not sure why that restriction is not already in place.
- Dave On Thu, Feb 12, 2009 at 4:48 PM, Dick Davies <[email protected]> wrote: > I've filed this as https://issues.apache.org/roller/browse/ROL-1788 > > immediate hunch is that this could be fixed by either requiring POSTs > to that action, > or having the code only change the checkbox state if the http request > provides values for them. > > On Thu, Feb 12, 2009 at 3:30 PM, Dick Davies > <[email protected]> wrote: >> I just found a doozy of a bug in the admin screens, thought I'd mention it >> here. >> >> I was logged into the admin app and had just changed some settings, so >> my location bar looked like >> >> http://blogname.co.uk/roller-ui/admin/globalConfig!save.rol >> >> If I select that URL and hit enter (forcing a reload of that page), >> all the checkboxes on >> that view are deselected - disabling every associated option. You >> don't need to hit save, >> the changes are applied immediately (guessing because of the !save.rol >> at the end?). >> >> Found this out by bookmarking what I thought was the admin screen.... >> how we laughed (after the users had calmed down a bit). >> >
