Inspecting $_POST on confirmations may lead to CSRF vulnerabilities: one should use a submit handler. This patch went into 5.x as well.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | confirm_form_doc.patch | 908 bytes | Heine |
| | 6_confirm_form.patch | 620 bytes | Heine |
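
The pattern the issue summary warns about, next to the submit-handler form it recommends, as an added example that is not taken from the attached patches. It assumes the Drupal 6 Form API; the module name `mymodule`, its table, paths and function names are hypothetical.

```php
<?php
// Hypothetical Drupal 6 module "mymodule"; table, paths and function names
// are illustrative and do not come from the patches on this issue.

// BEFORE: a page callback that acts on raw $_POST.
// Any POST with "confirm" set reaches the delete. The Form API token check
// never runs, so nothing ties the request to a form this site rendered.
function mymodule_item_delete_page_unsafe($item_id) {
  if (!empty($_POST['confirm'])) {
    db_query('DELETE FROM {mymodule_item} WHERE id = %d', $item_id);
    drupal_goto('admin/content/mymodule');
  }
  return drupal_get_form('mymodule_item_delete_confirm', $item_id);
}

// AFTER: the form builder only builds the confirmation form.
// The menu item uses 'page callback' => 'drupal_get_form' with this
// function name as its first page argument.
function mymodule_item_delete_confirm(&$form_state, $item_id) {
  // Carry the id as a server-side value, not as user-editable input.
  $form['item_id'] = array('#type' => 'value', '#value' => $item_id);
  return confirm_form(
    $form,
    t('Are you sure you want to delete this item?'),
    'admin/content/mymodule',           // Path used by the cancel link.
    t('This action cannot be undone.'),
    t('Delete'),
    t('Cancel')
  );
}

// The destructive action lives in the submit handler. Drupal calls it only
// after form validation has passed, which includes the per-session form
// token check for logged-in users.
function mymodule_item_delete_confirm_submit($form, &$form_state) {
  if ($form_state['values']['confirm']) {
    db_query('DELETE FROM {mymodule_item} WHERE id = %d',
      $form_state['values']['item_id']);
    drupal_set_message(t('The item has been deleted.'));
  }
  $form_state['redirect'] = 'admin/content/mymodule';
}
```
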
Comments
Comment #1
Heine commented: Patch was by Barry Jaspan btw.
Comment #2
Heine commented: Instead of making a mystery of what file changed, a patch with complete headers.
Comment #3
Gábor Hojtsy commented: Committed, thanks.
Comment #4
(not verified) commented: Automatically closed -- issue fixed for two weeks with no activity.