- changed status to open
enable (limited) bulk BibTeX upload when auto-save is disabled
Can we support bulk upload of BibTeX without checking ckey such that sites can allow users to import more than one record in BibSonomy? When the records are stored automatically, this can't be enabled, since otherwise a CSRF attack is possible where a malicious site uploads content to the user's account without the user knowing it. But if the user has to acknowledge the posts beforehand, this should be possible.
Please check whether the condition can be relaxed such that when "edit before import" is enabled (and nothing is actually stored!) the user can edit uploaded posts even when no ckey is provided (in the first round).
If possible, limit the number of records/file size in such a case.
Comments (5)
-
reporter -
reporter - changed status to resolved
fixes issue
#2797→ <<cset 6d50de9bf5b4>>
-
Merged in 2797-bulk-bibtex-uploa (pull request #37)
fixes issue
#2797Approved-by: Daniel Zoller nosebrain@gmx.net
→ <<cset a121102847a5>>
-
reporter - changed status to open
Seems not to work -> check!
-
reporter - changed status to closed
Works, just ensure that the parameter "editBeforeImport=true" is set.
- Log in to comment