Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#16430 closed Cleanup/optimization (fixed)

Stronger wording for CSRF protection in `modifying upload handlers on the fly`

Reported by: Tom Christie
Owned by: Tom Christie
Component: Documentation
Version: 1.3
Severity: Normal
Keywords:
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

The text in modifying upload handlers on the fly could be more strongly worded regarding CSRF protection.

It might be better if the text "Assuming you do need CSRF protection, you will then need to use csrf_protect() on the function that actually processes the request." simply read "You will then need to use csrf_protect() on the function that actually processes the request."

Obviously it's a bit of a subjective issue, but I think the stronger implication that we're simply explaining how to defer when the CSRF validation runs, rather than making a decision about if it should be run would be slightly better.

Attachments (1)

16430.patch (1.1 KB) - added by Tom Christie 5 years ago.


Change History (6)

comment:1 Changed 5 years ago by Aymeric Augustin

Component: Uncategorized → Documentation
Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Triage Stage: Unreviewed → Accepted
Type: Uncategorized → Cleanup/optimization

Changed 5 years ago by Tom Christie

Attachment: 16430.patch added

comment:2 Changed 5 years ago by Tom Christie

Has patch: set
Owner: changed from nobody to Tom Christie
Status: new → assigned

comment:3 Changed 5 years ago by Paul McMillan

Triage Stage: Accepted → Ready for checkin

Looks good to me. Marking RFC.

comment:4 Changed 5 years ago by Tim Graham

Resolution: fixed
Status: assigned → closed

In [16588]:

Fixed #16430 - Stronger wording for CSRF protection in modifying upload handlers on the fly; thanks tomchristie.

comment:5 Changed 5 years ago by Tim Graham

In [16589]:

[1.3.X] Fixed #16430 - Stronger wording for CSRF protection in modifying upload handlers on the fly; thanks tomchristie.

Backport of r16588 from trunk.
