Good Morning!

These are the darcs changes for DokuWiki committed yesterday.
Please test them and report bugs.

---------------------------------------------------------------------
Wed Aug 29 22:15:38 CEST 2007  Andreas Gohr <andi[at]splitbrain.org>
  * CSRF prevention for admin plugins

  This patch adds a session based token to all forms in the default action
  plugins. The validity of the token is checked before any administrative
  function is executed, aiming to protect DokuWiki's admin functions from
  Cross-site request forgery (CSRF) attacks.

  Another patch will follow to add the same functionality on other, less
  critical functions.

  More details on CSRF attacks can be found at
  http://en.wikipedia.org/wiki/Cross-site_request_forgery
---------------------------------------------------------------------

Single patches can be downloaded from
http://dev.splitbrain.org/darcs/index.cgi/dokuwiki/?c=patches

Bye,
your darcs changelog mailer
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
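
The session-token check described in the commit message, sketched as an added example; it is not DokuWiki's code and not part of the original mail. The function names, the `csrf_token` field name and the `$session` array standing in for `$_SESSION` are assumptions made for illustration.

```php
<?php
// Added example: hypothetical names throughout, not DokuWiki's API.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to embed in every admin form.
function csrf_field(array &$session): string {
    return '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars(csrf_token($session), ENT_QUOTES) . '" />';
}

// True only if the submitted token matches the one stored in the session.
function csrf_check(array $session, array $post): bool {
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    // is_string() rejects array-valued parameters such as csrf_token[]=x.
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Admin handler: validate the token before any state-changing work runs.
function handle_admin_request(array &$session, array $post): string {
    if (!csrf_check($session, $post)) {
        return 'rejected: missing or invalid token';
    }
    return 'executed: ' . ($post['action'] ?? 'none');
}

// Constructed demo: $session stands in for $_SESSION, the arrays for $_POST.
$session = [];
$form    = csrf_field($session);      // what the admin form would contain
$token   = $session['csrf_token'];

$requests = [
    'form submitted by the admin'     => ['action' => 'save_config', 'csrf_token' => $token],
    'cross-site post, no token'       => ['action' => 'save_config'],
    'cross-site post, wrong token'    => ['action' => 'save_config', 'csrf_token' => str_repeat('0', 64)],
    'cross-site post, array as token' => ['action' => 'save_config', 'csrf_token' => ['x']],
];
foreach ($requests as $label => $post) {
    echo $label, ': ', handle_admin_request($session, $post), PHP_EOL;
}
```

Only the first request reaches the admin action. The other three are rejected because a page on another origin can make the browser send the session cookie but cannot read the token stored in the session.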