Item1568: Synchronise form submits with sessions to enhance further security against CSRF

Priority: Enhancement
Current State: Closed
Released In: 1.0.6
Target Release: patch
Applies To: Engine
Reported By: CrawfordCurrie
Waiting For:
Last Change By: KennethLavrsen
At the moment you can't be sure where a form submit comes from. There should be some way of validating it.

-- CrawfordCurrie - 04 May 2009

I consider this fixed. now

Waiting for release.

-- KennethLavrsen - 17 Jun 2009

No; the text of the message is still not quite right. It is very important and muct be spot on.

-- CrawfordCurrie - 18 Jun 2009

OK, now I'm happier.

-- CrawfordCurrie - 18 Jun 2009

Updating language files.

-- KennethLavrsen - 18 Jun 2009

Changed to Enhancement - which it actually is.

-- KennethLavrsen - 19 Jun 2009
Topic revision: r53 - 22 Jun 2009, KennethLavrsen - This page was cached on 16 Jan 2020 - 11:10.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy