Correct documentation for confirm_form to prevent CSRF vulnerabilities [#199241]

Inspecting $_POST on confirmations may lead to CSRF vulnerabilities: one should use a submit handler. This patch went into 5.x as well.

Comment	File	Size	Author
#2	confirm_form_doc.patch	908 bytes	Heine
#2
	6_confirm_form.patch	620 bytes	Heine

Comments

Heine CreditAttribution: Heine commented 9 December 2007 at 11:36

patch was by barry jaspan btw.

Heine CreditAttribution: Heine commented 20 December 2007 at 23:12

File	Size
confirm_form_doc.patch	908 bytes

Instead of making a mistery of what file changed, a patch with complete headers.

he/him

Hungarian

Hungary

CreditAttribution: Gábor Hojtsy commented 20 December 2007 at 23:18

Status:

Needs review

» Fixed

Committed, thanks.

(not verified) CreditAttribution: commented 3 January 2008 at 23:22

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.