Ticket #10227 (new defect)

Opened 10 months ago

Last modified 3 weeks ago

Bookmark plugin should protect add and delete operations

Reported by: jun66j5 Assigned to: saigon
Priority: normal Component: BookmarkPlugin
Severity: major Keywords:
Cc: jun66j5, rjollos, hasienda Trac Release: 0.12

Description

The bookmark icon is simple link, not a form. The delete link in bookmark page is also. Therefore, a attacker can force to add and delete the users' bookmarks.

Attachments

Change History

(follow-up: ↓ 2 ) 04/26/13 22:34:22 changed by rjollos

  • cc changed from jun66j5,rjollos to jun66j5, rjollos, hasienda.

In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.

(in reply to: ↑ 1 ) 04/29/13 00:12:47 changed by hasienda

Replying to rjollos:

In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.

Yes, you're right.

Add/Change #10227 (Bookmark plugin should protect add and delete operations)




Change Properties
Action