The admin/settings/page_syndication/referer_blacklist/remove/%-path should be protected against CSRF attacks by using a token or confirmation form. Otherwise authorized users can be tricked into unknowingly removing blacklisted referrers.

// hook_menu() entry: a plain GET to this path runs remove_referer() directly,
// with no token or confirmation step, so the only guard is the permission check.
$items['admin/settings/page_syndication/referer_blacklist/remove/%'] = array(
  'page callback' => 'remove_referer',
  'page arguments' => array(5),
  'access arguments' => array('administer site configuration'),
  'file' => 'page_syndication.admin.inc'
);

// Page callback: deletes the row and redirects. Any page that can make the
// administrator's browser request the URL triggers the delete.
function remove_referer($id) {
  db_query('DELETE FROM {page_syndication_referer_blacklist} WHERE id=%d', $id);

  drupal_goto('admin/settings/page_syndication/referer_blacklist');
}
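An added example (not the module's own fix, which this thread does not show) of the confirmation-form approach in Drupal 6: the remove path is routed through drupal_get_form(), and the delete only runs from the form's submit handler. The function names page_syndication_referer_remove_confirm and page_syndication_referer_remove_confirm_submit are assumed.

```php
<?php
// Added example of a confirmation-form fix for the remove path (Drupal 6 API).
// Function names page_syndication_referer_remove_confirm and
// page_syndication_referer_remove_confirm_submit are assumed, not the module's.

// hook_menu(): hand the path to drupal_get_form() instead of calling the
// delete callback straight from a GET request.
$items['admin/settings/page_syndication/referer_blacklist/remove/%'] = array(
  'page callback' => 'drupal_get_form',
  'page arguments' => array('page_syndication_referer_remove_confirm', 5),
  'access arguments' => array('administer site configuration'),
  'file' => 'page_syndication.admin.inc',
);

// Confirmation form. Form API adds a session-bound form_token to every form
// rendered for a logged-in user and rejects a submission whose token does not
// validate, so a request forged from another site cannot reach the submit
// handler; the user also has to click the confirm button.
function page_syndication_referer_remove_confirm(&$form_state, $id) {
  $form['id'] = array('#type' => 'value', '#value' => (int) $id);
  return confirm_form(
    $form,
    t('Are you sure you want to remove this referrer from the blacklist?'),
    'admin/settings/page_syndication/referer_blacklist',
    t('This action cannot be undone.'),
    t('Remove'),
    t('Cancel')
  );
}

// Submit handler: reached only after token validation and confirmation.
// The delete statement itself is the same as in the original callback.
function page_syndication_referer_remove_confirm_submit($form, &$form_state) {
  $id = $form_state['values']['id'];
  db_query('DELETE FROM {page_syndication_referer_blacklist} WHERE id = %d', $id);
  drupal_set_message(t('Referrer removed from the blacklist.'));
  $form_state['redirect'] = 'admin/settings/page_syndication/referer_blacklist';
}
```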

Comments

tudor.sitaru

Assigned: Unassigned » tudor.sitaru

Thanks for the find, a confirmation page will be added.

tudor.sitaru

Status: Active » Fixed

Fixed in HEAD, will be part of the ALPHA2 release.

tudor.sitaru

Status: Fixed » Closed (fixed)

ALPHA2 was released with the fix, closing the ticket.