Bug #2386

closed

Backend forms need token protection checks

Added by beat over 13 years ago. Updated over 13 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Start date: 09 March 2011
Due date:
% Done: 100%
Estimated time:

Description

All backend forms have token protections with cbGetSpoofInputTag(), but save functions (e.g. saveCategoryEdit) evaluating posts need to check them to protect against CSRF attacks.

This is done with cbSpoofCheck( 'plugin' ); in this case.

Actions #1

Updated by beat over 13 years ago

Not only save, but actions like order up and down and publish/unpublish need token checks.

Actions #2

Updated by beat over 13 years ago

  • Subject changed from Backend forms need token protection to Backend forms need token protection checks

Actions #3

Updated by krileon over 13 years ago

  • Status changed from New to Resolved
  • Assignee changed from krileon to beat
  • % Done changed from 0 to 100

Fixed in r1613

Actions #4

Updated by krileon over 13 years ago

  • Status changed from Resolved to Closed
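
The gap this ticket describes, as an added example that is not Community Builder's code: a form that embeds a token protects nothing unless every state-changing handler (save, ordering, publish/unpublish) verifies it before acting. The helper names, the `csrf_token` field name and the task list are hypothetical and stand in for cbGetSpoofInputTag() and cbSpoofCheck(); the session array is constructed sample state.

```php
<?php
// Added illustration; helper names are hypothetical and are not Community Builder's API.
// Constructed task names standing in for the backend's state-changing actions.
const STATE_CHANGING_TASKS = ['save', 'orderup', 'orderdown', 'publish', 'unpublish'];

// Create (once per session) the secret the token is derived from.
function csrfSecret(array &$session): string
{
    if (empty($session['csrf_secret'])) {
        $session['csrf_secret'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_secret'];
}

// Token is bound to the session and to a form scope such as 'plugin'.
function csrfToken(array &$session, string $scope): string
{
    return hash_hmac('sha256', $scope, csrfSecret($session));
}

// Form side: emit the hidden input carrying the token.
function csrfInputTag(array &$session, string $scope): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrfToken($session, $scope), ENT_QUOTES) . '" />';
}

// Handler side: constant-time comparison; missing or non-string tokens fail.
function csrfCheck(array &$session, array $post, string $scope): bool
{
    $sent = $post['csrf_token'] ?? null;
    return is_string($sent) && hash_equals(csrfToken($session, $scope), $sent);
}

// Dispatcher: verify before any state-changing task runs, not only in save.
function dispatch(string $task, array &$session, array $post): string
{
    if (in_array($task, STATE_CHANGING_TASKS, true)
        && !csrfCheck($session, $post, 'plugin')) {
        return '403 token check failed';
    }
    return "200 $task executed";
}

$session = [];                                   // stands in for $_SESSION
csrfInputTag($session, 'plugin');                // form rendered with the token
$good = ['csrf_token' => csrfToken($session, 'plugin')];
echo dispatch('publish', $session, []), "\n";    // request that did not come from the form
echo dispatch('publish', $session, $good), "\n"; // request from the real form
```

Putting the check in the dispatcher rather than in each handler means a newly added action is covered as soon as it is listed as state-changing.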