Item1568: Synchronise form submits with sessions to enhance further security against CSRF

Priority: Enhancement
Current State: Closed
Released In: 1.0.6
Target Release: patch

Applies To: Engine
Component:
Branches:

Reported By: CrawfordCurrie
Waiting For:
Last Change By: KennethLavrsen

At the moment you can't be sure where a form submit comes from. There should be some way of validating it.

-- CrawfordCurrie - 04 May 2009

I consider this fixed. now

Waiting for release.

-- KennethLavrsen - 17 Jun 2009

No; the text of the message is still not quite right. It is very important and muct be spot on.

-- CrawfordCurrie - 18 Jun 2009

OK, now I'm happier.

-- CrawfordCurrie - 18 Jun 2009

Updating language files.

-- KennethLavrsen - 18 Jun 2009

Changed to Enhancement - which it actually is.

-- KennethLavrsen - 19 Jun 2009

Summary	Synchronise form submits with sessions to enhance further security against CSRF
ReportedBy	CrawfordCurrie
Codebase	1.0.5
SVN Range	Foswiki-1.0.0, Thu, 08 Jan 2009, build 1878
AppliesTo	Engine
Component
Priority	Enhancement
CurrentState	Closed
WaitingFor
Checkins	distro:9a77c61e469b distro:c0eee938b174 distro:514989581755 distro:7b2ac78dc1ea distro:563e87a92d91 distro:52fb633bf836 distro:fd29a66a0488 distro:5df9220dabfe distro:4b240a47957c distro:54eee69d1ed9 distro:9a8294a6b625 distro:ae0fb49ed036 distro:f6f440579e9f distro:ebd22398a4bc distro:036ef03745d0 distro:f90d98d6ffcb distro:11805278d905 distro:ea2cf6eb3e7b distro:516188b5a847 distro:f1428d6abf09 distro:6bdbd656bbed distro:af9c1cae5b1b distro:b33050c05fba distro:5a8f4cadc550 distro:4d94c646d0e5 distro:f59b1aefc7bb distro:b9d159063b19 distro:c644ca96b48a distro:a01080d5d231 distro:d770e514032e distro:e778ffd9d6ab distro:f397fee01ba5 distro:9603af720975 distro:522655b10fdf distro:0bf1e43c0e7c distro:aac7a1b40771 distro:eb19e126b7c4 distro:8b2f85ce0063 distro:4a378ef8c0d5 distro:f01e11bcff54 distro:3aaee06dc3c0 distro:d931f2583a0c distro:db00250578e4 distro:d1f23c902e0c
TargetRelease	patch
ReleasedIn	1.0.6