Opened 11 months ago

Last modified 5 days ago

#10227 new defect

Bookmark plugin should protect add and delete operations

Reported by: jun66j5
Owned by: rjollos
Priority: normal
Component: BookmarkPlugin
Severity: major
Keywords:
Cc: jun66j5, rjollos, hasienda
Trac Release: 0.12

Description

The bookmark icon is a simple link, not a form. The delete link on the bookmark page is also a simple link.
Therefore, an attacker can force the addition and deletion of users' bookmarks.
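
The difference between the link-based pattern reported above and a form-based one, as an added example that is not the BookmarkPlugin's or Trac's own code. The `Request` class, the handler names and the `form_token` field are assumptions made for illustration, and the requests are constructed sample input.

```python
import hmac
import secrets

class Request:
    """Constructed stand-in for a web request (not Trac's Request class)."""
    def __init__(self, method, args, session_token):
        self.method = method
        self.args = args
        self.session_token = session_token  # secret the server tied to the session

def apply_change(args, bookmarks):
    if args.get("action") == "add":
        bookmarks.add(args["resource"])
    elif args.get("action") == "delete":
        bookmarks.discard(args["resource"])

def handle_link(req, bookmarks):
    """Pattern the ticket describes: a plain GET link changes state."""
    apply_change(req.args, bookmarks)
    return 200

def handle_form(req, bookmarks):
    """Hardened pattern: POST only, and the form must echo the session token."""
    if req.method != "POST":
        return 405
    sent = req.args.get("form_token", "").encode()
    if not hmac.compare_digest(sent, req.session_token.encode()):
        return 403
    apply_change(req.args, bookmarks)
    return 200

def demo():
    token = secrets.token_hex(16)
    # Constructed requests: the browser attaches the session automatically,
    # but a third-party page cannot read the token embedded in the real form.
    delete = {"action": "delete", "resource": "/ticket/1"}
    cross_site_get = Request("GET", dict(delete), token)
    cross_site_post = Request("POST", dict(delete), token)
    own_form = Request("POST", dict(delete, form_token=token), token)
    results = {}
    for name, handler, req in [("link", handle_link, cross_site_get),
                               ("form_get", handle_form, cross_site_get),
                               ("form_no_token", handle_form, cross_site_post),
                               ("form_own", handle_form, own_form)]:
        bookmarks = {"/ticket/1"}
        results[name] = (handler(req, bookmarks), "/ticket/1" in bookmarks)
    return results

if __name__ == "__main__":
    print(demo())
```

Each result pairs the response status with whether the bookmark still exists afterwards: only the link handler changes state for a request that lacks the session's token.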

Attachments (0)

Change History (4)

comment:1 follow-up: Changed 8 weeks ago by rjollos

  • Cc hasienda added

Inasmuch as I understand this, the issue appears to be similar to #7744 for the VotePlugin.

comment:2 in reply to: ↑ 1 Changed 7 weeks ago by hasienda

Replying to rjollos:

Inasmuch as I understand this, the issue appears to be similar to #7744 for the VotePlugin.

Yes, you're right.

comment:3 Changed 4 weeks ago by rjollos

  • Owner changed from saigon to rjollos
  • Status changed from new to assigned

comment:4 Changed 5 days ago by rjollos

  • Status changed from assigned to new
