[development] Handling optional parameters

Derek Wright drupal at dwwright.net
Wed Sep 24 18:47:50 UTC 2008

On Sep 24, 2008, at 7:49 AM, Nancy Wichmann wrote:

> Will I be tarred and feathered for going the $_GET route?

Not if you're careful with the input. ;)

Also, you shouldn't be taking any action just from a GET request, or  
you're opening yourself to CSRF (Cross site request forgery).  To  
avoid this, you need a confirm form that uses POST to actually  
trigger the action.

Regards from the security team,
-Derek (dww)

More information about the development mailing list