Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-14789

Add missing link hash and form token checks to ACP

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • None
    • 3.1.10-RC1
    • ACP
    • None

    Description

      This will further harden the ACP security by adding link hashes to links and form tokens to forms that did not have these yet and result in modified settings or write action on the filesystem or database. These few links and forms were still relying on the global ACP protection, mainly due to them not posing further risks of compromising data. After this change these willnow also be properly protected against tampering.

      Attachments

        Issue Links

          caused

          Bug - A problem which impairs or prevents the functions of the product. PHPBB3-14830 FORM_INVALID error on ACP search and CPF settings

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Marc Marc
              CHItA CHItA
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: