Actions
Feature #22685
closedProvide a CSRF protection framework for the BE and install tool
Start date:
2010-05-19
Due date:
% Done:
0%
Estimated time:
PHP Version:
5.3
Tags:
Complexity:
Sprint Focus:
Description
This feature is about providing a general CSRF protection frameform for the BE and a proof-of-concept for the BE user setup module.
How to test:
1. change your name in the BE user setup, save and see that the value has changed (and there is the flash message telling you that)
2. change your name, save and use TamperData to modify the formToken POST value. The form data will not have changed, and there is no flash message.
I'll post the install tool form protection and POC in another RFC (when it is finished).
(issue imported from #M14438)
Files
Actions