Modify

Opened 2 years ago

Last modified 18 months ago

#10227 new defect

Bookmark plugin should protect add and delete operations

Reported by: jun66j5 Owned by: rjollos
Priority: normal Component: BookmarkPlugin
Severity: major Keywords:
Cc: jun66j5, rjollos, hasienda Trac Release: 0.12

Description

The bookmark icon is simple link, not a form. The delete link in bookmark page is also. Therefore, a attacker can force to add and delete the users' bookmarks.

Attachments (0)

Change History (4)

comment:1 follow-up: Changed 19 months ago by rjollos

  • Cc rjollos hasienda added

In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.

comment:2 in reply to: ↑ 1 Changed 19 months ago by hasienda

Replying to rjollos:

In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.

Yes, you're right.

comment:3 Changed 18 months ago by rjollos

  • Owner changed from saigon to rjollos
  • Status changed from new to assigned

comment:4 Changed 18 months ago by rjollos

  • Status changed from assigned to new

Add Comment

Modify Ticket

Action
as new The owner will remain rjollos.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.