Context Navigation

Modify ↓

#10227 new defect

Bookmark plugin should protect add and delete operations

Reported by:	Jun Omae	Owned by:	Ryan J Ollos
Priority:	normal	Component:	BookmarkPlugin
Severity:	major	Keywords:
Cc:	Jun Omae, Steffen Hoffmann	Trac Release:	0.12

Description

The bookmark icon is simple link, not a form. The delete link in bookmark page is also. Therefore, a attacker can force to add and delete the users' bookmarks.

Attachments (0)

Change History (5)

comment:1 follow-up: 2 Changed 12 years ago by Ryan J Ollos

Cc:	Ryan J Ollos Steffen Hoffmann added

In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.

comment:2 in reply to: 1 Changed 12 years ago by Steffen Hoffmann

Replying to rjollos:

In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.

Yes, you're right.

comment:3 Changed 12 years ago by Ryan J Ollos

Owner:	changed from yosiyuki to Ryan J Ollos
Status:	new → assigned

comment:4 Changed 11 years ago by Ryan J Ollos

Status:	assigned → new

comment:5 Changed 5 years ago by Ryan J Ollos

Cc:	Ryan J Ollos removed

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as new The owner will remain Ryan J Ollos.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: