Item2500: BlackListPlugin no longer needs magic key protection of registration as this has become core feature
Current State: Closed
Target Release: n/a
is under a solid rewrite.
One of the things that happened was that I decided to add a one code line change to the core so registration is protected against CSRF using our standard CSRF protection feature. This effectively does the same as BlackListPlugin
preventing bots from performing a registration.
In fact it does it better if you have strikeone level CSRF protection enabled (default).
for Foswiki this means that the magic key feature is removed so the plugin leaves a lighter footprint.
- 12 Dec 2009