Ticket #835 (closed defect: fixed)

Opened 4 years ago

Last modified 2 years ago

Modification actions should be POST requests

Reported by: ogrisel <ogrisel@nuxeo.com> Assigned to: tziade
Priority: P1 Milestone: CPS 3.3.7
Component: CPSWiki Version: TRUNK
Severity: critical Keywords: security XSS
Cc:

Description

This is especially annoying for the 'delete' page action which is currently a simple GET link that can be triggered by some googlebot wandering on the wiki.

Stateful actions should be triggered by a POST request with a redirection.

Change History

07/18/05 18:28:02 changed by fguillaume

Related to #630.

Leaving this open as it's apparently critical for the Wiki.

08/04/05 12:41:49 changed by fguillaume

  • milestone changed from CPS 3.3.5 to CPS 3.3.6.

09/16/05 16:24:05 changed by fguillaume

  • milestone changed from CPS 3.3.6 to CPS 3.4.0.

09/27/05 12:35:15 changed by madarche

  • status changed from new to closed.
  • resolution set to fixed.

Fixed by changeset [27624].

04/17/07 11:06:46 changed by madarche

  • keywords set to security XSS.
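
The rule from the ticket description (state-changing actions go through POST followed by a redirect), as an added example that is not CPSWiki code and not the fix in changeset [27624]. The routes, the `PAGES` data and the `request` helper are assumptions made for illustration.

```python
# Added example: a minimal WSGI wiki with hypothetical routes (not CPSWiki code).
import io
from urllib.parse import parse_qs

PAGES = {"FrontPage": "welcome", "Scratch": "temporary notes"}  # constructed sample data


def wiki_app(environ, start_response):
    """Serve /view and /delete; only POST may change state."""
    method = environ["REQUEST_METHOD"]
    path = environ.get("PATH_INFO", "")
    page = parse_qs(environ.get("QUERY_STRING", "")).get("page", [""])[0]

    if path == "/view" and method in ("GET", "HEAD"):
        if page not in PAGES:
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"no such page"]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [PAGES[page].encode()]

    if path == "/delete":
        if method != "POST":
            # A crawler following a link sends GET: refuse and change nothing.
            start_response("405 Method Not Allowed",
                           [("Allow", "POST"), ("Content-Type", "text/plain")])
            return [b"delete requires POST"]
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode())
        PAGES.pop(form.get("page", [""])[0], None)
        # Redirect so a reload or back button re-issues a GET, not the delete.
        start_response("303 See Other", [("Location", "/view?page=FrontPage")])
        return [b""]

    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]


def request(method, path, query="", body=b""):
    """Drive wiki_app in-process; returns (status, headers dict, body)."""
    seen = {}

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "QUERY_STRING": query,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    out = b"".join(wiki_app(environ, start_response))
    return seen["status"], seen["headers"], out
```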