You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@roller.apache.org by "Dave Johnson (JIRA)" <ji...@apache.org> on 2012/05/22 04:47:40 UTC
[jira] [Created] (ROL-1944) Salt values in all HTML forms
Dave Johnson created ROL-1944:
---------------------------------
Summary: Salt values in all HTML forms
Key: ROL-1944
URL: https://issues.apache.org/jira/browse/ROL-1944
Project: Roller
Issue Type: Improvement
Components: User Interface - General
Affects Versions: 5.0
Reporter: Dave Johnson
Assignee: Roller Unassigned
Fix For: 5.0.1
Every HTML form used in Roller should include a "salt" field with a random value created and tracked by the Roller installation in the pluggable Roller cache system (to enable distributed implementations). Every HTTP post to Roller's /roller-ui pages should be checked for a valid salt value and rejected if none found.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (ROL-1944) Salt values in all HTML forms
Posted by "Dave Johnson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ROL-1944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dave Johnson resolved ROL-1944.
-------------------------------
Resolution: Fixed
Assignee: Dave Johnson (was: Roller Unassigned)
Fixed in the roller_5.0 branch
http://svn.apache.org/viewvc?view=revision&revision=1340501
> Salt values in all HTML forms
> -----------------------------
>
> Key: ROL-1944
> URL: https://issues.apache.org/jira/browse/ROL-1944
> Project: Roller
> Issue Type: Improvement
> Components: User Interface - General
> Affects Versions: 5.0
> Reporter: Dave Johnson
> Assignee: Dave Johnson
> Fix For: 5.0.1
>
>
> Every HTML form used in Roller should include a "salt" field with a random value created and tracked by the Roller installation in the pluggable Roller cache system (to enable distributed implementations). Every HTTP post to Roller's /roller-ui pages should be checked for a valid salt value and rejected if none found.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira