Joomla! Issue Tracker | Joomla! CMS #19711 - Possible missing CSRF token tags adminForm

Closed
17 Feb 2018
Medium
Build: staging
# 19711

James-OHara
16 Feb 2018

Steps to reproduce the issue

Access [baseurl]/index.php/component/tags/?limit=20&start=0. The page source includes a form called adminform.

Expected result

adminform would include an anti-CSRF token to prevent cross site request forgery vulnerability.

Actual result

adminForm does not have an anti-CSRF token

System information (as much as possible)

Joomla: 3.8.5

Additional comments

James-OHara - open - 16 Feb 2018

joomla-cms-bot - change - 16 Feb 2018

Labels

Added: ?

joomla-cms-bot - labeled - 16 Feb 2018

mbabker - comment - 16 Feb 2018

It's bad copy/paste if anything. The forms on the tags frontend layouts are all related to pagination and result filtering (read operations only), no need for CSRF here as these forms should be doing GET requests (why they use POST beats me but ¯\_(ツ)_/¯).

franz-wohlkoenig - change - 17 Feb 2018

Status	New	⇒	Expected Behaviour
Closed_Date	0000-00-00 00:00:00	⇒	2018-02-17 06:41:05
Closed_By		⇒	franz-wohlkoenig

joomla-cms-bot - change - 17 Feb 2018

Status	Expected Behaviour	⇒	Closed
Closed_By	franz-wohlkoenig	⇒	joomla-cms-bot

joomla-cms-bot - close - 17 Feb 2018

joomla-cms-bot - comment - 17 Feb 2018

Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/19711

franz-wohlkoenig - comment - 17 Feb 2018

Closed as expected Behaviour.

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/19711.}