[dokuwiki] darcs changes 2007-08-30

  • From: andi@xxxxxxxxxxxxxx (Andreas Gohr)
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Thu, 30 Aug 2007 04:00:02 +0200 (CEST)

Good Morning!

These are the darcs changes for DokuWiki committed
yesterday. Please test them and report bugs.

---------------------------------------------------------------------
Wed Aug 29 22:15:38 CEST 2007  Andreas Gohr <andi[at]splitbrain.org>
  * CSRF prevention for admin plugins
  This patch adds a session-based token to all forms in the default action
  plugins.
  The validity of the token is checked before any administrative function is
  executed aiming to protect DokuWiki's admin functions from Cross-site request
  forgery (CSRF) attacks.
  
  Another patch will follow to add the same functionality on other, less
  critical functions.
  
  More details on CSRF attacks can be found at
  http://en.wikipedia.org/wiki/Cross-site_request_forgery
---------------------------------------------------------------------

Single patches can be downloaded from
http://dev.splitbrain.org/darcs/index.cgi/dokuwiki/?c=patches

Bye,
your darcs changelog mailer


-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
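
The session-token check the commit message describes, as an added example in PHP (not DokuWiki's code and not part of the original mail). The function names, the csrf_token field name and the plain arrays standing in for $_SESSION and $_POST are assumptions for illustration; it needs PHP 7 or later.

```php
<?php
// Added illustration; all names here are hypothetical, not DokuWiki's API.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 64 hex chars
    }
    return $session['csrf_token'];
}

// Hidden field to embed in every admin form.
function csrf_form_field(array &$session): string {
    $tok = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $tok . '" />';
}

// True only if the request carries the token stored in the session.
function csrf_check(array $session, array $request): bool {
    $expected = $session['csrf_token'] ?? '';
    $given    = $request['csrf_token'] ?? '';
    if ($expected === '' || !is_string($given)) {
        return false; // no token issued yet, or malformed input
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Gate a state-changing admin action on the token check.
function handle_admin_action(array $session, array $request): string {
    if (!csrf_check($session, $request)) {
        return 'rejected: missing or invalid token';
    }
    return 'executed: ' . ($request['action'] ?? 'none');
}

// Constructed sample: a simulated session and three requests.
$session = [];
$field   = csrf_form_field($session); // what the admin form would contain
$good    = ['action' => 'delete_user', 'csrf_token' => $session['csrf_token']];
$forged  = ['action' => 'delete_user']; // cross-site request, no token
$guessed = ['action' => 'delete_user', 'csrf_token' => str_repeat('0', 64)];

foreach ([$good, $forged, $guessed] as $req) {
    echo handle_admin_action($session, $req), "\n";
}
```

Only the first request is executed; the other two are rejected because a page on another origin cannot read the token held in the victim's session.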
