View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0020146||mantisbt||plug-ins||public||2015-09-28 11:56||2015-09-30 02:55|
|Summary||0020146: print_button with security token does not work for plugin pages|
When using the function print_button (print_api.php)
internally, it uses the form action page to print the token field:
when using plugin_page() to get an url, the base page is plugin.php, and plugin page is specified with GET parameter.
|Steps To Reproduce|
For this to work properly, print_button needs to know the form name used to create the token. Could be passed as an additional (optional) parameter
|Tags||No tags attached.|
A possible alternative could be to define a new API function plugin_print_button()
that makes sense.
however, the original issue still exists. Separating token creation, from token print in page, must carry both "token" string and "form_id" string against which is created (and validated).
To be honest I have not thought this all the way through... You're probably right and this is a typical example of our aging API where the validation was added much later.