validate CSRF token (Check length)
|Reported by:||jedie||Owned by:||Raúl Cumplido|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||yes||Patch needs improvement:||no|
I wonder that the CSRF token sent from the client isn't validated.
Don't know if a DoS attack is possible by sending many requests with very long CSRF tokens?
IMHO it's a good idea to check the length before doing anything with it.
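An added sketch of the check proposed above, not part of the ticket and not Django's own code: the submitted token is rejected on length before anything else touches its contents, and only then compared in constant time. The 32-character alphanumeric token format and all function names are assumptions made for illustration.

```python
import hmac
import re
import secrets
import string

# Assumption for this sketch: tokens are exactly 32 ASCII alphanumerics.
TOKEN_LENGTH = 32
_ALPHABET = string.ascii_letters + string.digits
_TOKEN_RE = re.compile(r"[A-Za-z0-9]+")


def new_token():
    """Generate a token in the assumed format from a CSPRNG."""
    return "".join(secrets.choice(_ALPHABET) for _ in range(TOKEN_LENGTH))


def is_well_formed(token):
    """Structural check ordered from cheapest to most expensive."""
    if not isinstance(token, str):
        return False
    # len() on a str is O(1), so an oversized value is dropped here,
    # before a regex scan, a comparison or a log line processes it.
    if len(token) != TOKEN_LENGTH:
        return False
    # The ASCII-only character class also guarantees that the
    # .encode("ascii") calls in tokens_match() cannot raise.
    return _TOKEN_RE.fullmatch(token) is not None


def tokens_match(submitted, expected):
    """Return True only for two well-formed, identical tokens."""
    if not (is_well_formed(submitted) and is_well_formed(expected)):
        return False
    # Constant-time comparison on inputs of known, equal length.
    return hmac.compare_digest(
        submitted.encode("ascii"), expected.encode("ascii")
    )
```

Because the length test runs first, the work done for a malformed token is bounded no matter how large the submitted value is.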
Change History (8)
comment:1 Changed 5 years ago by
|Patch needs improvement:||unset|
comment:2 Changed 5 years ago by
|Component:||Uncategorized → contrib.csrf|
|Triage Stage:||Unreviewed → Accepted|