Nicolas Brassard
@michael-e a config value (with default to the current behavior) would be the better way to offer both. Any attempt at finding logic on that is pointless. It's really a...
> That is what I proposed above, isn't it? + > My proposal is: Add a setting to the config file. If set to "yes", generate/get a token (and a session)...
> What about an XSRF extension that provides and validates a token via an event for the frontend?

This is the way to go. I've postponed this issue to 2.8.0,...
I would ping @michael-e on this one... But John, do you know where the `%3A` character comes from?
Funny or not, mod_sec prevents me from using regexp: in the url. I think it would be wise to change this to something else. @cylkee > If pre-populating by field...
The current grouping occurs in PHP, and it does respect the ordering you set, i.e., the first group will be the first entry, sorted by the parameter. So let's say...
@jensscherbl I would also be interested in this feature. But it would also require touching the EntryManager class: https://github.com/symphonycms/symphony-2/blob/master/symphony/lib/toolkit/data-sources/class.datasource.section.php#L511-L522
I personally vote for the status quo.
> but I gave up

Yeah most of the people do. But I do run it (I need to), and losing the ability to filter with 'contains' is rather annoying......
> Simply translating parameter names wouldn't make it any safer either, IMHO.

That's right. It is more of a 'hosting compatibility' issue. mod_sec can't know for sure that the 'regexp'...