Item8503: CSRF validation token consumed by mandatory field warning

Priority: Normal
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Reported By: MichaelDaum
Waiting For:
Last Change By: KennethLavrsen
When a user forgets to provide a required field she will receive a dialog saying so. Alas, the validation token has now been consumed. So going back in the browser as suggested and saving again will trigger yet another warning. That's probably a bit too much.

-- MichaelDaum - 12 Feb 2010

Agreed, it's too much. If potential data loss is involved, it's far too much; however you don't mention this; if not, then it's not Urgent but Normal. Also, do you have a suggestion how it can be overcome?

-- CrawfordCurrie - 11 Mar 2010

When saving from PatternSkin (the default skin) the JS intercepts the save and tells you about the missing mandatory field. This is not a solution, but it does reduce the impact of this problem significantly, so I'm reducing the priority from Urgent to Normal. An adjustment to the wording of the "go back" message can further ameliorate the symptoms.

Note there is another issue that you may see when saving this way; Item8738.

-- CrawfordCurrie - 20 Mar 2010
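
The failure described in this report, next to one ordering that avoids it, as an added example that is not Foswiki's code and not the fix that was checked in. The token store, the `validation_key` and `Summary` field names and the handler names are all assumptions made for the illustration.

```python
import secrets

class OneTimeTokens:
    """Constructed model of a per-session store of single-use validation tokens."""
    def __init__(self):
        self._live = set()

    def issue(self):
        token = secrets.token_hex(16)
        self._live.add(token)
        return token

    def is_live(self, token):
        return token in self._live

    def consume(self, token):
        """Retire the token and return True if it was live, else False."""
        if token in self._live:
            self._live.remove(token)
            return True
        return False

REQUIRED = ("Summary",)  # hypothetical mandatory form field

def missing_fields(form):
    return [f for f in REQUIRED if not form.get(f, "").strip()]

def save_consume_first(tokens, form):
    """Order described in the report: the token is spent before field checks."""
    if not tokens.consume(form.get("validation_key", "")):
        return "csrf_rejected"
    if missing_fields(form):
        return "missing_field"   # token already gone, so a resubmit fails
    return "saved"

def save_check_first(tokens, form):
    """Reject forged requests first, but retire the token only on a real save."""
    key = form.get("validation_key", "")
    if not tokens.is_live(key):
        return "csrf_rejected"
    if missing_fields(form):
        return "missing_field"   # nothing was changed, token stays live
    tokens.consume(key)
    return "saved"

def resubmit_after_warning(handler):
    """Submit with the field empty, go back, fill it in, submit again."""
    tokens = OneTimeTokens()
    form = {"validation_key": tokens.issue(), "Summary": ""}
    first = handler(tokens, form)
    form["Summary"] = "filled in after the warning"
    return first, handler(tokens, form)
```

In the second handler the token is still checked before anything else happens and is still single-use for a completed save, so a replayed or forged request is rejected in both orderings.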



Summary: CSRF validation token consumed by mandatory field warning
ReportedBy: MichaelDaum
SVN Range:
AppliesTo: Engine
Priority: Normal
CurrentState: Closed
Checkins: distro:241c6d7c3c46
TargetRelease: minor
ReleasedIn: 1.1.0
Topic revision: r8 - 04 Oct 2010, KennethLavrsen