Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#16430 closed Cleanup/optimization (fixed)

Stronger wording for CSRF protection in `modifying upload handlers on the fly`

Reported by: Tom Christie
Owned by: Tom Christie
Component: Documentation
Version: 1.3
Severity: Normal
Keywords:
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

The text in modifying upload handlers on the fly could be more strongly worded regarding CSRF protection.

It might be better if the text "Assuming you do need CSRF protection, you will then need to use csrf_protect() on the function that actually processes the request." simply read "You will then need to use csrf_protect() on the function that actually processes the request."

Obviously it's a bit of a subjective issue, but I think the stronger implication that we're simply explaining how to defer when the CSRF validation runs, rather than making a decision about if it should be run would be slightly better.

Attachments (1)

16430.patch (1.1 KB) - added by Tom Christie 13 years ago.

Change History (6)

comment:1 by Aymeric Augustin, 13 years ago

Component: Uncategorized → Documentation
Triage Stage: Unreviewed → Accepted
Type: Uncategorized → Cleanup/optimization

by Tom Christie, 13 years ago

Attachment: 16430.patch added

comment:2 by Tom Christie, 13 years ago

Has patch: set
Owner: changed from nobody to Tom Christie
Status: new → assigned

comment:3 by Paul McMillan, 13 years ago

Triage Stage: Accepted → Ready for checkin

Looks good to me. Marking RFC.

comment:4 by Tim Graham, 13 years ago

Resolution: fixed
Status: assigned → closed

In [16588]:

Fixed #16430 - Stronger wording for CSRF protection in modifying upload handlers on the fly; thanks tomchristie.

comment:5 by Tim Graham, 13 years ago

In [16589]:

[1.3.X] Fixed #16430 - Stronger wording for CSRF protection in modifying upload handlers on the fly; thanks tomchristie.

Backport of r16588 from trunk.
