Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#16430 closed Cleanup/optimization (fixed)

Stronger wording for CSRF protection in `modifying upload handlers on the fly`

Reported by: tomchristie
Owned by: tomchristie
Component: Documentation
Version: 1.3
Severity: Normal
Keywords:
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

The text in modifying upload handlers on the fly could be more strongly worded regarding CSRF protection.

It might be better if the text "Assuming you do need CSRF protection, you will then need to use csrf_protect() on the function that actually processes the request." simply read "You will then need to use csrf_protect() on the function that actually processes the request."

Obviously it's a bit of a subjective issue, but I think the stronger implication that we're simply explaining how to defer when the CSRF validation runs, rather than making a decision about if it should be run would be slightly better.

Attachments (1)

16430.patch (1.1 KB) - added by tomchristie 4 years ago.
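
The ordering issue behind this wording change, as an added example that is not part of the ticket, the patch, or Django's code. It is a toy model in plain Python: `Request`, `dispatch`, `set_handlers` and the three views are hypothetical, the `csrf_exempt` and `csrf_protect` functions are simplified stand-ins for the Django decorators of the same name, and it assumes the site-wide CSRF check reads the POST body before the view runs.

```python
import hmac

class Request:  # toy model, not Django's HttpRequest
    def __init__(self, token=None, cookie="constructed-secret"):
        self._token, self.cookie = token, cookie
        self._handlers, self._post = ["default"], None

    def set_handlers(self, handlers):
        if self._post is not None:  # body already parsed with the old handlers
            raise RuntimeError("upload handlers changed after body was parsed")
        self._handlers = handlers

    @property
    def POST(self):
        if self._post is None:  # first access parses the body
            self._post = {"csrf_token": self._token, "parsed_by": self._handlers[0]}
        return self._post

def csrf_check(request):  # reading the token forces POST to be parsed
    return hmac.compare_digest(request.POST["csrf_token"] or "", request.cookie)

def csrf_protect(view):
    return lambda request: view(request) if csrf_check(request) else 403

def csrf_exempt(view):
    view.csrf_exempt = True
    return view

def dispatch(view, request):  # stand-in for site-wide CSRF middleware
    if not getattr(view, "csrf_exempt", False) and not csrf_check(request):
        return 403
    return view(request)

def process(request):
    return request.POST["parsed_by"]

def naive(request):  # fails: the middleware check already parsed the body
    request.set_handlers(["progress"])
    return process(request)

@csrf_exempt
def exempt_only(request):  # handlers take effect, but no CSRF check ever runs
    request.set_handlers(["progress"])
    return process(request)

@csrf_exempt
def deferred(request):  # check still runs, only after the handlers are set
    request.set_handlers(["progress"])
    return csrf_protect(process)(request)
```

In this model `exempt_only` accepts a request that carries no token, which is the outcome the stronger wording is meant to steer readers away from; `deferred` rejects it with 403.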


Change History (6)

comment:1 Changed 4 years ago by aaugustin

  • Component changed from Uncategorized to Documentation
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted
  • Type changed from Uncategorized to Cleanup/optimization

Changed 4 years ago by tomchristie

comment:2 Changed 4 years ago by tomchristie

  • Has patch set
  • Owner changed from nobody to tomchristie
  • Status changed from new to assigned

comment:3 Changed 4 years ago by PaulM

  • Triage Stage changed from Accepted to Ready for checkin

Looks good to me. Marking RFC.

comment:4 Changed 4 years ago by timo

  • Resolution set to fixed
  • Status changed from assigned to closed

In [16588]:

Fixed #16430 - Stronger wording for CSRF protection in modifying upload handlers on the fly; thanks tomchristie.

comment:5 Changed 4 years ago by timo

In [16589]:

[1.3.X] Fixed #16430 - Stronger wording for CSRF protection in modifying upload handlers on the fly; thanks tomchristie.

Backport of r16588 from trunk.
