After a mail discussion with @amElnagdy, we agreed on publishing PRs fixing the remaining vulnerabilities and getting them quickly merged and deployed.
This PR prevents CSRF attacks by adding nonces to each HTML form (two, in this case). Each new AJAX endpoint must use Salter::check_nonce before performing any action, to ensure that the provided nonce is valid.
The code has been tested by myself, but if you can confirm it's working flawlessly before merging, that would be perfect 👌
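The pattern the PR describes, as an added example that is not the project's code: one nonce per HTML form, bound to the action that form performs, and an AJAX handler that verifies the nonce before doing anything else. The `CsrfNonce` class, its `create`/`check` methods, the secret and the session id are all assumptions made for this example; the real signature of `Salter::check_nonce` is not shown on the page, so this helper only stands in for the check it is said to perform.

```php
<?php
// Added example (not the project's code): a minimal per-form CSRF nonce
// helper and an AJAX-style handler that refuses to act until the nonce
// verifies. Class name, methods, secret and session id are assumptions.

final class CsrfNonce
{
    // Constructed server-side secret; a real deployment loads it from
    // configuration rather than hard-coding it.
    private const SECRET = 'constructed-secret-replace-in-config';
    private const TTL    = 3600; // nonce lifetime in seconds

    // Create a nonce bound to a session id, an action name and a time window,
    // so a nonce issued for one form cannot be replayed against another.
    public static function create(string $sessionId, string $action, ?int $now = null): string
    {
        $window = intdiv($now ?? time(), self::TTL);
        $mac = hash_hmac('sha256', "$sessionId|$action|$window", self::SECRET);
        return $window . ':' . $mac;
    }

    // Verify a nonce for the same session/action; the current and the previous
    // window are accepted so a form submitted right after rollover still works.
    public static function check(string $nonce, string $sessionId, string $action, ?int $now = null): bool
    {
        if (!preg_match('/^(\d+):([0-9a-f]{64})$/', $nonce, $m)) {
            return false; // malformed
        }
        $window  = (int) $m[1];
        $current = intdiv($now ?? time(), self::TTL);
        if ($window !== $current && $window !== $current - 1) {
            return false; // expired or from the future
        }
        $expected = hash_hmac('sha256', "$sessionId|$action|$window", self::SECRET);
        return hash_equals($expected, $m[2]); // constant-time comparison
    }
}

// One hidden nonce field per form, tied to the action that form performs.
function render_delete_form(string $sessionId): string
{
    $nonce = htmlspecialchars(CsrfNonce::create($sessionId, 'delete_item'), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/ajax/delete">'
         . '<input type="hidden" name="_nonce" value="' . $nonce . '">'
         . '<input type="hidden" name="id" value="42">'
         . '<button>Delete</button></form>';
}

// The AJAX endpoint: the nonce check is the first thing that happens.
// $post stands in for $_POST so the handler can be exercised without a web server.
function ajax_delete(array $post, string $sessionId): array
{
    $nonce = (string) ($post['_nonce'] ?? '');
    if (!CsrfNonce::check($nonce, $sessionId, 'delete_item')) {
        return ['status' => 403, 'body' => 'invalid nonce'];
    }
    // Only now perform the state-changing action.
    return ['status' => 200, 'body' => 'deleted ' . (int) ($post['id'] ?? 0)];
}

// Self-check when run from the command line, with constructed inputs:
// a genuine submission, a forged nonce, and a nonce issued for another form.
$session     = 'constructed-session-id';
$good        = ajax_delete(['_nonce' => CsrfNonce::create($session, 'delete_item'), 'id' => 42], $session);
$forged      = ajax_delete(['_nonce' => 'deadbeef', 'id' => 42], $session);
$wrongAction = ajax_delete(['_nonce' => CsrfNonce::create($session, 'other_action'), 'id' => 42], $session);
printf("valid: %d, forged: %d, wrong action: %d\n", $good['status'], $forged['status'], $wrongAction['status']);
echo render_delete_form($session), PHP_EOL;
```

Binding the nonce to both the session and the action name is what makes a nonce from one form useless on another endpoint; a single site-wide token would still stop cross-site forgery but would let any page that leaks it unlock every action.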