Bug #3704

CVE-2012-4002 CSRF prevention step 1

Added by moyo almost 9 years ago. Updated over 8 years ago.

Status: Closed
Start date: 06/28/2012
Priority: Normal
Due date:
Assignee: moyo
% Done: 100%
Category: Framework
Target version: 0.83.3

Description

REFERER check

Associated revisions

Revision 18762
Added by moyo almost 9 years ago

[0.83] CSRF prevention step 1 fixed #3704

Revision 18763
Added by moyo almost 9 years ago

[0.83] clean previous see #3704

Revision 18764
Added by moyo almost 9 years ago

CSRF prevention step 1 see #3704

Revision 18765
Added by remi almost 9 years ago

allow direct call to cron.php, see #3704

Revision 18766
Added by remi almost 9 years ago

allow direct call to cron.php, see #3704

Revision 18769
Added by remi almost 9 years ago

no CSRF protection for script, see #3704

Revision 18775
Added by remi almost 9 years ago

[0.83] improve referer check to include server name, see #3704

Revision 18793
Added by remi almost 9 years ago

improve referer check to include server name, see #3704

Revision 18832
Added by remi almost 9 years ago

[0.83] fix check when empty root_doc, see #3704

Revision 18833
Added by remi almost 9 years ago

fix check when empty root_doc, see #3704

History

#1 Updated by moyo almost 9 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Applied in changeset r18762.

#2 Updated by remi almost 9 years ago

r18765 is for 0.83
r18768 is also related to this bug

#3 Updated by remi almost 9 years ago

r18770: [0.83] apply r18768 and r18769

#4 Updated by moyo almost 9 years ago

  • Status changed from Resolved to Closed

#5 Updated by remi over 8 years ago

  • Subject changed from CSRF prevention step 1 to CVE-2012-4002 CSRF prevention step 1
