Correct documentation for confirm_form to prevent CSRF vulnerabilities [#199241]

Inspecting $_POST on confirmations may lead to CSRF vulnerabilities: one should use a submit handler. This patch went into 5.x as well.

Comment	File	Size	Author
#2	confirm_form_doc.patch	908 bytes	heine
	6_confirm_form.patch	620 bytes	heine

Comments

heine commented 9 December 2007 at 11:36

patch was by barry jaspan btw.

heine commented 20 December 2007 at 23:12

Status	File	Size
new	confirm_form_doc.patch	908 bytes

Instead of making a mistery of what file changed, a patch with complete headers.

he/him

Hungarian

Hungary

commented 20 December 2007 at 23:18

Status:

Needs review

» Fixed

Committed, thanks.

(not verified) commented 3 January 2008 at 23:22

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.