Ticket #750 (closed enhancement: fixed)

Opened 13 months ago

Last modified 2 months ago

CSRF: Enforce action token

Reported by: marcus Owned by:
Priority: high Milestone:
Component: Core Version: 1.2
Severity: major Keywords:
Cc: brettp

Description

As discussed here  http://groups.google.com/group/elgg-contributors-core-discussion/browse_thread/thread/e0b058d0223b35d

Change History

Changed 13 months ago by marcus

  • priority changed from minor to major

Changed 10 months ago by marcus

Problem with this is that there are situations (long bp and comments) where a time limited form does not make sense.

Changed 2 months ago by brettp

  • status changed from new to closed
  • resolution set to fixed

(In [3821]) Fixes #750: All actions require elgg_ts and elgg_token.

Note: See TracTickets for help on using tickets.