all you need On Tue, Jun 12, 2007 at 01:08:43AM +0800, [EMAIL PROTECTED] wrote: > (The following is a warning to fellow WWWOFFLE-users to > keep anything recursive away from reading pages via > WWWOFFLE, if you are an AddCacheInfo user.)
> That must have been it, my hogwild recursive request. > Therefore please add a CAPTCHA math test to that delete > page... This is wrong solution. To avoid such nasty things, all irreversible operations must be performed by POST requests. This is what recommended by w3c for "all state-changing" requests. For now you should disable modify-html when you use wget (not only because of this issue). There is a tricky way to achieve it without changing configs. WWWOFFLE does not modify pages when ht/dig or some other indexing bot requests it. It looks info "User-Agent" header. So, if you run wget with --user-agent="ht/dig" (read the sources for exact value for user-agent, I don't remember), you will not receive the links to delete and other links from footer. btw, there is already http authentication for deletion. how did wget pass it? -- Max
