Item2500: BlackListPlugin no longer needs magic key protection of registration as this has become core feature
Priority: Normal
Current State: Closed
Released In:
Target Release: n/a
BlackListPlugin is under a solid rewrite.
One of the things that happened was that I decided to add a one code line change to the core so registration is protected against CSRF using our standard CSRF protection feature. This effectively does the same as
BlackListPlugin preventing bots from performing a registration.
In fact it does it better if you have strikeone level CSRF protection enabled (default).
For
BlackListPlugin for Foswiki this means that the magic key feature is removed so the plugin leaves a lighter footprint.
--
KennethLavrsen - 12 Dec 2009