Actions
Bug #2386
closedBackend forms need token protection checks
Description
All backend forms have token protections with cbGetSpoofInputTag(), but save functions e.g. saveCategoryEdit evaluating posts need to check them to protect against CSRF attacks
This is done with cbSpoofCheck( 'plugin' ); in this case.
Updated by beat almost 14 years ago
Not only save but actions like order up and down and publish/unpublish need token checks
Updated by beat almost 14 years ago
- Subject changed from Backend forms need token protection to Backend forms need token protection checks
Updated by krileon almost 14 years ago
- Status changed from New to Resolved
- Assignee changed from krileon to beat
- % Done changed from 0 to 100
Fixed in r1613
Actions