[Tickets #12796] Re: Several Cross Site Request Forgery in Rule Section
noreply at bugs.horde.org
noreply at bugs.horde.org
Fri Oct 25 19:42:07 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/12796
------------------------------------------------------------------------------
Ticket | 12796
Updated By | Git Commit <commits at lists.horde.org>
Summary | Several Cross Site Request Forgery in Rule Section
Queue | Ingo
Version | 3.1.2
Type | Bug
State | Assigned
Priority | 3. High
Milestone | 3.1.3
Patch |
Owners | Horde Developers, Michael Slusarz
------------------------------------------------------------------------------
Git Commit <commits at lists.horde.org> (2013-10-25 19:42) wrote:
Changes have been made in Git (master):
commit e5c585867f908322346b37b43ef6460e7d0096c8
Author: Michael M Slusarz <slusarz at horde.org>
Date: Thu Oct 24 23:42:23 2013 -0600
[mms] SECURITY: Protect against CSRF attacks by using tokens on
destructive actions (CVE-2013-6275; Bug #12796; Marcela Benetrix
<m.benetrix at e-secure.com.au>).
ingo/docs/CHANGES | 3 ++
ingo/lib/Basic/Base.php | 52
++++++++++++++++++++++++++++++++++++++++++
ingo/lib/Basic/Blacklist.php | 7 ++++-
ingo/lib/Basic/Filters.php | 16 ++++++++++--
ingo/lib/Basic/Forward.php | 3 +-
ingo/lib/Basic/Rule.php | 17 +++++++++----
ingo/lib/Basic/Script.php | 12 +++++++--
ingo/lib/Basic/Spam.php | 3 +-
ingo/lib/Basic/Vacation.php | 3 +-
ingo/lib/Basic/Whitelist.php | 7 ++++-
ingo/package.xml | 4 +-
11 files changed, 107 insertions(+), 20 deletions(-)
http://git.horde.org/horde-git/-/commit/e5c585867f908322346b37b43ef6460e7d0096c8
More information about the bugs
mailing list