Currently, you can POST to the install script and it will add a user and links to the database without actually verifying that you were the one who actually filled in the form and pressed install.
Even on POST, it should check to see whether the database has already been set up before processing.
Currently, you can
POST
to the install script and it will add a user and links to the database without actually verifying that you were the one who actually filled in the form and pressed install.Even on POST, it should check to see whether the database has already been set up before processing.