Modify ↓
Opened 11 months ago
Last modified 5 days ago
#10227 new defect
Bookmark plugin should protect add and delete operations
| Reported by: | jun66j5 | Owned by: | rjollos |
|---|---|---|---|
| Priority: | normal | Component: | BookmarkPlugin |
| Severity: | major | Keywords: | |
| Cc: | jun66j5, rjollos, hasienda | Trac Release: | 0.12 |
Description
The bookmark icon is simple link, not a form. The delete link in bookmark page is also.
Therefore, a attacker can force to add and delete the users' bookmarks.
Attachments (0)
Change History (4)
comment:1 follow-up: ↓ 2 Changed 8 weeks ago by rjollos
- Cc hasienda added
comment:2 in reply to: ↑ 1 Changed 7 weeks ago by hasienda
Replying to rjollos:
In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.
Yes, you're right.
comment:3 Changed 4 weeks ago by rjollos
- Owner changed from saigon to rjollos
- Status changed from new to assigned
comment:4 Changed 5 days ago by rjollos
- Status changed from assigned to new
Note: See
TracTickets for help on using
tickets.


In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.