Opened 4 years ago
Closed 3 years ago
#750 closed Enhancement (fixed)
CSRF: Enforce action token
| Reported by: | marcus | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | Core | Version: | 1.2 |
| Severity: | major | Keywords: | |
| Cc: | brettp | Difficulty: |
Description
Change History (3)
comment:1 Changed 4 years ago by marcus
- Priority changed from minor to major
comment:2 Changed 4 years ago by marcus
comment:3 Changed 3 years ago by brettp
- Resolution set to fixed
- Status changed from new to closed
(In [svn:3821]) Fixes #750: All actions require elgg_ts and elgg_token.
Note: See
TracTickets for help on using
tickets.
Problem with this is that there are situations (long bp and comments) where a time limited form does not make sense.