You are here: Foswiki>Tasks Web>Item9273 (13 Oct 2011, CrawfordCurrie)Edit Attach

Item9273: Changing Form triggers CSRF confirmation

pencil
Priority: Normal
Current State: No Action Required
Released In: n/a
Target Release: n/a
Applies To: Engine
Component:
Branches:
Reported By: MichaelTempest
Waiting For:
Last Change By: CrawfordCurrie
Foswiki asks for confirmation of a suspicious request (i.e. a CSRF confirmation) if I save after not-changing the form.

To reproduce:
  1. Click "Edit" (or "Raw Edit", or "Wiki Text")
  2. Click "Replace form..."
  3. Click "Go back" on the form (not on the browser)
  4. Click "Save"

If I try this with the WYSIWYG editor on Trunk, then I get a 500 error. "There was a problem retrieving http://trunk.foswiki.org/bin/rest/WysiwygPlugin/tml2html: GENERAL 500" appears in the edit box. (It is now 7 July 2010 16:24 UTC, if you want to check the logs.) I didn't click save when I tried this on trunk because I didn't want to kill my topic.

I see this on 1.0.9 (raw edit and WYSIWYG) and trunk (wiki text).

-- MichaelTempest - 07 Jul 2010

It works fine for me on trunk, but there have been so many changes since 1.0.9 that I'm just going to ignore this, sorry. Please re-open if you can reproduce on latest code.

-- CrawfordCurrie - 13 Oct 2011

 

ItemTemplate edit

Summary Changing Form triggers CSRF confirmation
ReportedBy MichaelTempest
Codebase 1.0.9, trunk
SVN Range
AppliesTo Engine
Component
Priority Normal
CurrentState No Action Required
WaitingFor
Checkins
TargetRelease n/a
ReleasedIn n/a
Edit  | Attach | Print version | History: r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r2 - 13 Oct 2011, CrawfordCurrie
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy