Opened 5 years ago
Closed 5 years ago
#332 closed Defect (fixed)
CSRF possibility in admin menu tasks
| Reported by: | marcus | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | Version: | ||
| Severity: | major | Keywords: | |
| Cc: | brettp | Difficulty: |
Description
Admin actions on admin pulldown menu are vulnerable to CSRF (although it would require knowing a users guid ahead of time)
Change History (1)
comment:1 Changed 5 years ago by marcus
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
(In [svn:2056]) Fixes #332: Added tokens and action_gatekeeper()