Modify ↓
Opened 12 years ago
Last modified 5 years ago
#10227 new defect
Bookmark plugin should protect add and delete operations
Reported by: | Jun Omae | Owned by: | Ryan J Ollos |
---|---|---|---|
Priority: | normal | Component: | BookmarkPlugin |
Severity: | major | Keywords: | |
Cc: | Jun Omae, Steffen Hoffmann | Trac Release: | 0.12 |
Description
The bookmark icon is simple link, not a form. The delete link in bookmark page is also. Therefore, a attacker can force to add and delete the users' bookmarks.
Attachments (0)
Change History (5)
comment:1 follow-up: 2 Changed 12 years ago by
Cc: | Ryan J Ollos Steffen Hoffmann added |
---|
comment:2 Changed 12 years ago by
Replying to rjollos:
In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.
Yes, you're right.
comment:3 Changed 12 years ago by
Owner: | changed from yosiyuki to Ryan J Ollos |
---|---|
Status: | new → assigned |
comment:4 Changed 12 years ago by
Status: | assigned → new |
---|
comment:5 Changed 5 years ago by
Cc: | Ryan J Ollos removed |
---|
Note: See
TracTickets for help on using
tickets.
In as much as I understand this, the issues appears to be similar to #7744 for the VotePlugin.