Fossil SCM

Fix forum-post approval buttons so that they send the CSRF token.

drh 2023-09-18 15:24 csrf-defense-enhancement
Commit bf9974cf8d410af9e478e4cce2da8e0be22c2d0153967b9327b458ea4aadaf4f
1 file changed +1
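--- a/src/forum.c
+++ b/src/forum.c
@@ -897,10 +897,11 @@
 }
 }else if( bSameUser ){
 /* Allow users to delete (reject) their own pending posts. */
 @ <input type="submit" name="reject" value="Delete">
 }
+login_insert_csrf_secret();
 @ </form>
 if( bSelect && forumpost_may_close() && iClosed>=0 ){
 int iHead = forumpost_head_rid(p->fpid);
 @ <form method="post" \
 @ action='%R/forumpost_%s(iClosed > 0 ? "reopen" : "close")'>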
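Review bot: The close/reopen form that opens on the last two lines of this hunk (`<form method="post" action='%R/forumpost_...'>`) is also a state-changing POST, and its body lies outside the hunk, so it is not visible whether it emits the token as well; if it does not, it needs the same `login_insert_csrf_secret();` before its own `</form>`. The inserted call only protects approve/reject if the page receiving this form checks the token before acting, which cannot be confirmed from the lines shown. A one-line comment above the call would keep it from being dropped in a later cleanup, for example `/* CSRF token; the approve/reject handler must verify it */`. The enclosing if/else chain starts before the hunk.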
--- src/forum.c
+++ src/forum.c
@@ -897,10 +897,11 @@
897 }
898 }else if( bSameUser ){
899 /* Allow users to delete (reject) their own pending posts. */
900 @ <input type="submit" name="reject" value="Delete">
901 }
 
902 @ </form>
903 if( bSelect && forumpost_may_close() && iClosed>=0 ){
904 int iHead = forumpost_head_rid(p->fpid);
905 @ <form method="post" \
906 @ action='%R/forumpost_%s(iClosed > 0 ? "reopen" : "close")'>
907
--- src/forum.c
+++ src/forum.c
@@ -897,10 +897,11 @@
897 }
898 }else if( bSameUser ){
899 /* Allow users to delete (reject) their own pending posts. */
900 @ <input type="submit" name="reject" value="Delete">
901 }
902 login_insert_csrf_secret();
903 @ </form>
904 if( bSelect && forumpost_may_close() && iClosed>=0 ){
905 int iHead = forumpost_head_rid(p->fpid);
906 @ <form method="post" \
907 @ action='%R/forumpost_%s(iClosed > 0 ? "reopen" : "close")'>
908
