Vote up/down should be done via POST

snytkine / LampCMS

Open source Question and Answer program similar to StackOverflow and Quora in PHP + MongoDB. Follow @snytkine on Twitter

http://support.lampcms.com

323 stars 104 forks source link

Vote up/down should be done via POST #89

Open snytkine opened 12 years ago

snytkine commented 12 years ago

Change templates and vote controller to submit UP/DOWN votes by POST only and require csrf token. This will make voting more secure. Can use 2 different submit buttons to indicate up or down vote.