Feeling Lucky
?
[#20786] - [4.0] Check session token in header
- Fixed in Code Base
- 2 Jul 2018
- Medium
- Build: 4.0-dev
- # 20786
- Diff
- brianteeman:session
User tests: Successful: Unsuccessful:
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Libraries |
| Status | Pending | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-07-02 00:11:14 |
| Closed_By | ⇒ | wilsonge | |
| Labels |
Added:
?
|
||
wilsonge
- comment
- 2 Jul 2018
Thanks!
Thanks!
Test.
2.a Before - fails with a "magic" message "Invalid token"
2.b After - it works and data gets saved.
I do not know of any core functionality using this "magic". I do and e.g. image save in the new Media Manager could remove the token from the JSON data sent. A (very) tiny bit of security I believe.