    634d7150
    CSRF prevention for admin plugins · 634d7150
    Andreas Gohr authored
    This patch adds a session-based token to all forms in the default action plugins.
    The validity of the token is checked before any administrative function is
    executed aiming to protect DokuWiki's admin functions from Cross-site request
    forgery (CSRF) attacks.
    
    Another patch will follow to add the same functionality on other, less critical
    functions.
    
    More details on CSRF attacks can be found at
    http://en.wikipedia.org/wiki/Cross-site_request_forgery
    
    darcs-hash:20070829201538-7ad00-d0770224a3351fd8e38968e3a9d8e73520482445.gz
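
The pattern the commit message describes (a session-bound token carried by each admin form and validated before the admin function executes), shown as an added PHP example that is not the patch's or DokuWiki's own code. The function names, the `csrf_token` field name and the sample requests are assumptions, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added illustration: all names are hypothetical, not DokuWiki's API.
// $session stands in for $_SESSION so the script runs from the CLI.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field that every admin form carries.
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES) . '" />';
}

// Compare the submitted value with the session's token in constant time.
// Non-string input (e.g. csrf_token[]=x) is rejected before hash_equals().
function csrf_check(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Gate: the admin function runs only after the token has been validated.
function handle_admin_request(array $session, array $post): string
{
    if (!csrf_check($session, $post)) {
        return 'rejected';
    }
    // ... the state-changing admin action would execute here ...
    return 'executed: ' . ($post['action'] ?? '');
}

// Constructed sample data: one admin session, one unrelated session.
$admin = [];
$other = [];
echo csrf_field($admin), "\n";
$cases = [
    'form rendered by the wiki'  => ['action' => 'save_config', 'csrf_token' => csrf_token($admin)],
    'request without a token'    => ['action' => 'save_config'],
    'token from another session' => ['action' => 'save_config', 'csrf_token' => csrf_token($other)],
    'token sent as an array'     => ['action' => 'save_config', 'csrf_token' => ['x']],
];
foreach ($cases as $label => $post) {
    printf("%-28s %s\n", $label, handle_admin_request($admin, $post));
}
```

Only the first request reaches the admin action; the other three are rejected because a page on another origin cannot read the token stored in the administrator's session.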