Modify

Opened 2 years ago

Last modified 15 months ago

#10227 new defect

Bookmark plugin should protect add and delete operations

Reported by: jun66j5 Owned by: rjollos
Priority: normal Component: BookmarkPlugin
Severity: major Keywords:
Cc: jun66j5, rjollos, hasienda Trac Release: 0.12

Description

The bookmark icon is simple link, not a form. The delete link in bookmark page is also.
Therefore, a attacker can force to add and delete the users' bookmarks.

Attachments (0)

Change History (4)

comment:1 follow-up: Changed 16 months ago by rjollos

  • Cc hasienda added

In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.

comment:2 in reply to: ↑ 1 Changed 16 months ago by hasienda

Replying to rjollos:

In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.

Yes, you're right.

comment:3 Changed 15 months ago by rjollos

  • Owner changed from saigon to rjollos
  • Status changed from new to assigned

comment:4 Changed 15 months ago by rjollos

  • Status changed from assigned to new

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.