continuum-issues mailing list archives

From "Maria Odea Ching (JIRA)" <j...@codehaus.org>
Subject [jira] Closed: (CONTINUUM-2622) Add CSRF prevention checks for sensitive actions
Date Fri, 15 Apr 2011 10:08:22 GMT

     [ http://jira.codehaus.org/browse/CONTINUUM-2622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Maria Odea Ching closed CONTINUUM-2622.
---------------------------------------

    Resolution: Fixed

Fixed in 1.3.x branch [-r1092648|http://svn.apache.org/viewvc?rev=1092648&view=rev] with
the following changes:
* do an explicit check for a randomly generated value in the action on remove project group
(built-in token session interceptor doesn't work for projectGroupSummary page because the
<s:action> tag (which executes result) for getting the projects in the group in the
page causes a double submit)
* enabled Selenium test for remove project group CSRF check


> Add CSRF prevention checks for sensitive actions
> ------------------------------------------------
>
>                 Key: CONTINUUM-2622
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2622
>             Project: Continuum
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 1.3.7, 1.4.0 (Beta)
>            Reporter: Maria Odea Ching
>            Assignee: Maria Odea Ching
>             Fix For: 1.3.8
>
>


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
