Bug #156
Secure all forms against CSRF
| Status: | Closed | Start: | 2017-04-04 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assigned to: | - | % Done: | 0% |
| Category: | - | | |
| Target version: | - | | |
| Votes: | 0 | | |
Description
A number of forms on the Panel are susceptible to Cross-Site Request Forgery. Any form which does a POST will need protecting. Reported in RT#8731.
History
Updated by admin about 8 years ago
As the remaining forms are only for trivial uses, or redirect to third party suppliers (e.g. for payment), there's probably no harm in listing them.
Forms at the following paths need fixing:
- /xfer/
- /account/config/
- /account/
- /account/invoices/pay/
- /account/invoices/
- /fun/
- /dns/rev/
Updated by admin about 8 years ago
These two done (on test site):
- /xfer/
- /account/config/
Updated by admin about 8 years ago
Done:
- /account/
Updated by admin about 8 years ago
Done:
- /account/invoices/pay/
Updated by admin about 8 years ago
- Status changed from In Progress to Resolved
All remaining forms have now been secured against CSRF.
Updated by admin over 7 years ago
- Status changed from Resolved to Closed