Closed (fixed)
Project:
Administration menu
Version:
7.x-3.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
1 Mar 2015 at 18:32 UTC
Updated:
26 May 2023 at 13:19 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #1
willzyx commentedComment #2
truls1502I am sorry for no reply until now.
There are many issues regarding this module admin_menu which is a bit difficult for us to follow up since some of the issues might be already outdated, or is already fixed by the module or any other modules or itself core which means that the problem might no longer need to be fixed.
We can see that the issue has been created for a few years ago, I hope it is okay for you that I am postponing the issue, and give you around two weeks. If you still face the problem, could you tell us the step by step when until you get the error message or what is frustrated you, and a list of modules you are using related to admin_menu and a screenshot that might help us? So it makes us easier to reproduce your issue.
However, after two weeks with no feedback - we will close this issue. So in case, you noticed it after the issue is closed, do not hesitate to reopen it like and fill information which is mentioned above.
So before giving us a feedback, do you mind to test it again with our latest 7.x-3.x-dev?
Thank you for understanding! :)
Comment #3
truls1502This issue has been automatically marked as closed because it has not had recent activity after the last post.
However, if you or someone is still facing the same issue as described to the issue, could you please to re-open the issue by changing the status of the issue, and add an explanation with more details which can help us to reproduce your situation.
Again, thank you for your contributions! :)
Comment #4
salvisYes, we should look into fixing this finally. Let's start by checking the patch.
Comment #5
salvisI've just committed the patch in Devel and I suggest to commit this one, as explained in #2411615-24: CSRF vulnerabilities in menu callbacks.
You already have token protection for the other relevant menu items, and this one should follow, too, then #2431283-39: Cron CSRF vulnerability in Core can be reviewed and committed.
Comment #6
thallesThanks @salvis!
Comment #8
thallesFixed!
Comment #9
salvisThank you, thalles!
Would you care to review #2431283-39: Cron CSRF vulnerability?
Comment #10
salvisCan you set it RTBC? I can't because I touched it (even though for for re-rolling), but AFAICS it's working for both Admin Menu and Devel.
Comment #12
subir_ghoshTha patch works. Thank you.
Comment #13
awasson commentedAny thoughts on when or if this will be rolled to the Stable or Dev versions of Admin Menu?
Comment #14
solideogloria commented