[Tickets #5307] Re: Upgrade Prototype to 1.5.1_rc3 and make use of CSRF protection
bugs at bugs.horde.org
Tue Jun 19 04:48:27 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5307
-----------------------------------------------------------------------
Ticket | 5307
Updated By | Chuck Hagenbuch <chuck at horde.org>
Summary | Upgrade Prototype to 1.5.1_rc3 and make use of CSRF protection
Queue | Horde Base
Version | HEAD
Type | Bug
State | Assigned
Priority | 2. Medium
-Owners |
+Owners | Horde Developers, Michael Slusarz
-----------------------------------------------------------------------
Chuck Hagenbuch <chuck at horde.org> (2007-06-18 21:48) wrote:
imp.js.php and dimp.js.php are served as javascript, so if we don't protect
them, someone can request them remotely (assuming a user is logged in to
horde, which isn't far-fetched for these purposes) and steal a session id
embedded in the javascript. So these need to be changed to go through the
/*secure* trick somehow (and they can't just call evalJson in those files
- then the attacker would just define evalJson), or inlined like I did for
Kronolith and Gollem.
I'm hoping to pass this off since Michael, you're more familiar with the
current js structure of dimp/imp, and frankly I'm a bit fried on bugs at
the moment. Had a bad weekend with Turba. :)
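The defence the comment refers to as the /*secure* trick, worked through below as an added example in JavaScript. This is not Horde's code: the marker string `/*-secure-`, the function names, and the sample session value are assumptions made for illustration. The idea is that a dynamically generated JS/JSON file containing a session id is emitted wrapped in a block comment, so a third-party page that pulls it in with a script tag executes nothing (and gets nothing to hand to a pre-defined `evalJson`), while the legitimate same-origin client fetches the body with XMLHttpRequest, checks the marker, strips it, and parses the remainder. The one subtlety a practitioner must handle is that a `*/` inside the payload would end the comment early, so `/` is escaped as the JSON-legal `\/`.

```javascript
'use strict';

// Assumed marker strings (not Horde's actual values).
const SECURE_PREFIX = '/*-secure-\n';
const SECURE_SUFFIX = '\n*/';

// Server side: the response body for an endpoint such as imp.js.php.
// Every '/' is escaped as '\/' (valid JSON) so a "*/" inside the data
// cannot terminate the enclosing comment.
function wrapSecure(payload) {
  const json = JSON.stringify(payload).replace(/\//g, '\\/');
  return SECURE_PREFIX + json + SECURE_SUFFIX;
}

// Server side, the unprotected variant the comment warns against: the file
// itself calls a global evalJson() with the data, so whoever defines
// evalJson first gets the payload.
function leakyBody(payload) {
  return 'evalJson(' + JSON.stringify(payload) + ');';
}

// Client side: only code that obtained the raw text over a same-origin
// XMLHttpRequest reaches this point. Refuse anything without the marker.
function unwrapSecure(body) {
  if (!body.startsWith(SECURE_PREFIX) || !body.endsWith(SECURE_SUFFIX)) {
    throw new Error('response is not comment-wrapped; refusing to parse');
  }
  const inner = body.slice(SECURE_PREFIX.length, body.length - SECURE_SUFFIX.length);
  return JSON.parse(inner);
}

// Simulates what happens when another origin includes the file with
// <script src=...>: the browser runs the body as a script, in a page that
// has already defined evalJson. Returns whatever that evalJson received,
// so an empty array means nothing leaked.
function simulateCrossSiteInclude(body) {
  const captured = [];
  const hostileEvalJson = (value) => { captured.push(value); };
  new Function('evalJson', body)(hostileEvalJson);
  return captured;
}

// Constructed sample data; not a real session identifier.
const sample = { session: 'constructed-sid-1234', user: 'alice' };

// Stand-alone demo.
console.log('leaky body leaks:', simulateCrossSiteInclude(leakyBody(sample)).length, 'value(s)');
console.log('wrapped body leaks:', simulateCrossSiteInclude(wrapSecure(sample)).length, 'value(s)');
console.log('same-origin client reads:', unwrapSecure(wrapSecure(sample)));
```

The same wrapper works for plain JSON and for the generated JavaScript files the comment mentions, provided the client strips the marker before handing the text to eval; calling `evalJson` from inside the served file, as the comment notes, would defeat the point because the including page controls that name.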