@sgiehl opened this Pull Request on March 14th 2015 Member

See #7432

Removed the action attribute from the login form. Without the attribute the browser will automatically use the current url. That also includes the hash, which we do not have available on server side.

It's quite a simple change. But I'm not sure if it opens up the form to any security attack.

@mattab commented on March 16th 2015 Owner

it works, didn't know about this trick :+1:

@mattab commented on March 16th 2015 Owner

(fyi: added not-in-changelog label to PR so we don't get two entries in changelog for the one issue)

This Pull Request was closed on March 16th 2015
Powered by GitHub Issue Mirror