Getting form values directly from $_POST bypasses the FAPI security checks entirely, and so is a security problem (in theory, at least - obviously not a critical thing for a dev module like this).
Drupal 5 and 6 both have their own (different, of course!) FAPI-ish ways of doing this, using the multistep forms toolkit. Not the most intuative thing, but if you think of it right all this form is is a multistep form that doesn't care about what 'step' it is on - just a continuous submission process.

Anyway, here are 2 patches for both the Drupal 5 2.x branch and the Drupal 6 branch.

Comments

douggreen’s picture

Status: Needs review » Fixed

The 5.x version works just fine. I had to make one fix to the 6.x version (so that it worked on admin/settings/coder), and I also had to reroll it because of a recent documentation commit. Thanks for the help!

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.