
Searched hist:"634 d7150e59d03e4a4987164bfe9948fb8828c70" (Results 1 – 5 of 5) sorted by relevance

/dokuwiki/lib/plugins/revert/
admin.php 634d7150e59d03e4a4987164bfe9948fb8828c70 Wed Aug 29 20:15:38 UTC 2007 Andreas Gohr <andi@splitbrain.org> CSRF prevention for admin plugins

This patch adds a session based token to all forms in the default action plugins.
The validity of the token is checked before any administrative function is
executed aiming to protect DokuWiki's admin functions from Cross-site request
forgery (CSRF) attacks.

Another patch will follow to add the same functionality on other, less critical
functions.

More details on CSRF attacks can be found at
http://en.wikipedia.org/wiki/Cross-site_request_forgery

darcs-hash:20070829201538-7ad00-d0770224a3351fd8e38968e3a9d8e73520482445.gz

/dokuwiki/lib/plugins/config/
admin.php 634d7150e59d03e4a4987164bfe9948fb8828c70 Wed Aug 29 20:15:38 UTC 2007 Andreas Gohr <andi@splitbrain.org> CSRF prevention for admin plugins


/dokuwiki/lib/plugins/acl/
admin.php 634d7150e59d03e4a4987164bfe9948fb8828c70 Wed Aug 29 20:15:38 UTC 2007 Andreas Gohr <andi@splitbrain.org> CSRF prevention for admin plugins


/dokuwiki/lib/plugins/usermanager/
admin.php 634d7150e59d03e4a4987164bfe9948fb8828c70 Wed Aug 29 20:15:38 UTC 2007 Andreas Gohr <andi@splitbrain.org> CSRF prevention for admin plugins


/dokuwiki/inc/
common.php 634d7150e59d03e4a4987164bfe9948fb8828c70 Wed Aug 29 20:15:38 UTC 2007 Andreas Gohr <andi@splitbrain.org> CSRF prevention for admin plugins
