Security Issue: CSRF in DeleteFile function. [bug] #64
Similar to the file deletion feature, the post deletion feature and the plugins off feature, I also discovered the CSRF bug. I can delete any entry and disable any plugins.

Your endpoint:

Confirmed, thank you very much for finding and reporting this! I branched v1.1 to "issue64", so we can publish a bugfix release 1.1.1 as soon as the problem is solved.
… reported by @lethanhtrung222. Thanks a lot! Also, session is destroyed properly on logout. And: Updated version number to "1.1.1".

Fixed with bb10fd7 in Branch issue64. Thank you very much for reporting!

Thank you.
On Sun, Oct 18, 2020 at 04:29, Arvid Zimmermann <notifications@github.com> wrote:
… Closed #64 <#64>.

Finally fixed, will be part of FlatPress 1.3. Yay \o/