Project

General

Profile

Actions
Copy link

Bug #2386

closed

Backend forms need token protection checks

Bug #2386: Backend forms need token protection checks

Added by beat almost 15 years ago. Updated almost 15 years ago.

Status:
Closed
Priority:
Normal
Assignee:
beat
Target version:
2.0
Start date:
09 March 2011
Due date:
% Done:

100%

Estimated time:

Description

All backend forms have token protections with cbGetSpoofInputTag(), but save functions e.g. saveCategoryEdit evaluating posts need to check them to protect against CSRF attacks

This is done with cbSpoofCheck( 'plugin' ); in this case.

Updated by beat almost 15 years ago Actions
Copy link
 #1

Not only save but actions like order up and down and publish/unpublish need token checks

Updated by beat almost 15 years ago Actions
Copy link
 #2

  • Subject changed from Backend forms need token protection to Backend forms need token protection checks

Updated by krileon almost 15 years ago Actions
Copy link
 #3

  • Status changed from New to Resolved
  • Assignee changed from krileon to beat
  • % Done changed from 0 to 100

Fixed in r1613

Updated by krileon almost 15 years ago Actions
Copy link
 #4

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: PDF Atom