Joomla! Issue Tracker | Joomla! CMS #22705 - [com_actionlogs][Security][RELEASE BLOCKER] Check for token before allowing purge

Fixed in Code Base
19 Oct 2018
Medium
Build: staging
# 22705
Diff
PhilETaylor:patch-24

Pending

User tests: Successful: Unsuccessful:

PhilETaylor
18 Oct 2018

@joomla/security

Add missing token check for CSRF to purge action

Good, and important catch!

6710e6d 18 Oct 2018

[com_actionlogs][Security] Check for token before allowing purge

PhilETaylor - open - 18 Oct 2018

PhilETaylor - change - 18 Oct 2018

Status

New

⇒

Pending

joomla-cms-bot - change - 18 Oct 2018

Category

⇒

Administration

ff55889 18 Oct 2018

change to use non-static call

PhilETaylor - change - 18 Oct 2018

Labels

Added: ?

76deb84 18 Oct 2018

Update actionlogs.php

PhilETaylor - change - 18 Oct 2018

Title

…

[com_actionlogs][Security] Check for token before allowing purge

[com_actionlogs][Security][RELEASE BLOCKER] Check for token before allowing purge

PhilETaylor - edited - 18 Oct 2018

PhilETaylor - comment - 19 Oct 2018

I think you are seeing things! This was a direct copy and paste in github in the browser.. I see no tabs?!?!

——
Sent from my iPhone - sorry - if needed I’ll send longer email from my desk later.
——

On 19 Oct 2018, at 06:15, SharkyKZ notifications@github.com wrote:

@SharkyKZ commented on this pull request.

In administrator/components/com_actionlogs/controllers/actionlogs.php:

@@ -116,6 +116,9 @@ public function exportLogs()
*/
public function purge()
{
// Check for request forgeries.
$this->checkToken();
Remove tabs.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.