[ http://jira.codehaus.org/browse/CONTINUUM-2622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maria Odea Ching closed CONTINUUM-2622.
---------------------------------------
Resolution: Fixed
Fixed in 1.3.x branch
[-r1092648|http://svn.apache.org/viewvc?rev=1092648&view=rev] with the
following changes:
* do an explicit check for a randomly generated value in the action on remove
project group (the built-in token session interceptor doesn't work for the
projectGroupSummary page because the <s:action> tag (which executes the result)
for getting the projects in the group in the page causes a double submit)
* enabled Selenium test for remove project group CSRF check
> Add CSRF prevention checks for sensitive actions
> ------------------------------------------------
>
> Key: CONTINUUM-2622
> URL: http://jira.codehaus.org/browse/CONTINUUM-2622
> Project: Continuum
> Issue Type: Improvement
> Components: Security
> Affects Versions: 1.3.7, 1.4.0 (Beta)
> Reporter: Maria Odea Ching
> Assignee: Maria Odea Ching
> Fix For: 1.3.8
>
>
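An added example, not Continuum's code, of the kind of explicit check the closing comment describes: a random value kept in the session and compared inside the sensitive action, without being consumed, so a nested action executed while the page renders cannot invalidate it. The class, the session key, the method names and the use of a plain `Map` as the session are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class ExplicitCsrfCheck {
    static final String KEY = "csrf.token";   // hypothetical session attribute name
    static final SecureRandom RNG = new SecureRandom();

    // Issue (or reuse) the per-session random value that the page embeds
    // as a hidden form field or link parameter.
    static String issue(Map<String, Object> session) {
        return (String) session.computeIfAbsent(KEY, k -> {
            byte[] raw = new byte[32];
            RNG.nextBytes(raw);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        });
    }

    // Explicit check made by the sensitive action itself. The stored value is
    // not removed on success, so a second execution during page rendering
    // does not turn the user's real submit into a rejected "double submit".
    static boolean valid(Map<String, Object> session, String submitted) {
        Object expected = session.get(KEY);
        if (!(expected instanceof String) || submitted == null) return false;
        return MessageDigest.isEqual(   // constant-time comparison
            ((String) expected).getBytes(StandardCharsets.UTF_8),
            submitted.getBytes(StandardCharsets.UTF_8));
    }

    // Hypothetical stand-in for the remove-project-group action.
    static String removeProjectGroup(Map<String, Object> session, String token, int groupId) {
        if (!valid(session, token)) return "rejected";
        return "removed group " + groupId;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // constructed stand-in for the HTTP session
        String formToken = issue(session);  // value rendered into the summary page
        issue(session);                     // nested action during render reuses the same value
        System.out.println(removeProjectGroup(session, formToken, 7)); // legitimate submit
        System.out.println(removeProjectGroup(session, null, 7));      // request without the value
        System.out.println(removeProjectGroup(session, "guess", 7));   // request with a wrong value
    }
}
```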