Opened 8 years ago
Closed 8 years ago
#420 closed defect (fixed)
ContentHelper should use a nonce to change the language, to avoid people with a public routerconsole being impacted
| Reported by: | Mathiasdm | Owned by: | zzz |
|---|---|---|---|
| Priority: | major | Milestone: | 0.8.5 |
| Component: | apps/console | Version: | 0.8.3 |
| Keywords: | Cc: | ||
| Parent Tickets: |
Description
15:51 < zzz2> Mathiasdm, comments after review
15:51 < zzz2> Mathiasdm, re: ContentHelper? change to save lang config
15:52 < zzz2> we talked about it before - it's taking a security problem and
making it worse, since no nonce req'd
15:52 < zzz2> also don't the changes belong in CSSHelper, not ContentHelper?? If
we do want the changes at all?
15:53 < walking-> zzz2: is it possible to support ssl-enabled proxy for
reseeding ?
15:54 < zzz2> could an attacker inject things into the config file with a
?lang=xx%0afoo=bar Mathiasdm ? Should we convert the readmes to a
form with nonces?
Subtickets
Change History (2)
comment:1 Changed 8 years ago by zzz
- Milestone changed from 0.8.4 to 0.8.5
- Owner set to zzz
- Status changed from new to accepted
comment:2 Changed 8 years ago by zzz
- Resolution set to fixed
- Status changed from accepted to closed
Note: See
TracTickets for help on using
tickets.
0.8.4-3