On Thursday 19 October 2006 17:05, Heine Deelstra wrote:
Now, for those people who like lists:
Thanks, Heine!
- 4.7 modules that do not call form_render on an entire form
<snip>
- 4.6 modules that define at least on raw html form (via <form action ="" etc) backport
<snip>
-4.6 themes that define at least one raw html form
<snip>
- Modules containing forms without a form_id_submit or call_back_submit function. Note that these forms will continue to function.
False positives / negatives may be present:
googlesearch
This module (of which I am maintainer) has one form, which explicitly targets Google's search API. It never actually posts back to Drupal itself. Is it safe to assume, then, that it's a false positive and doesn't pose a security risk? (If there's something I need to change, I will do so post haste, but it sounds like it's safe since the module does so little.) -- Larry Garfield AIM: LOLG42 larry@garfieldtech.com ICQ: 6817012 "If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it." -- Thomas Jefferson