CSRF on Edit post page

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Log in to forum
2. Open the edit page for a post that you have created.
3. Open debugger and run a jQuery.Ajax request to select the form and submit 
the serialized data to the edit link.

RISK: 
while I performed this in debugger, the same code can be executed from another 
page that knows the link while your forum session is still active

SOLUTION:
I solved this by changing the source of the edit() and editSave() functions to 
include the captcha request.

What version of the product are you using? On what operating system,
database, and application server/servlet container?
* Product: JForum 2.3.6
* OS: Amazon EC2
* DB: MySql
* AP: tomcat 7

Please provide any additional information below.

Original issue reported on code.google.com by mangelow...@gmail.com on 12 Sep 2014 at 9:15

[GoogleCodeExporter]

I've done some fix for CSRF in r382. Try it.

Original comment by andow...@gmail.com on 24 Jan 2015 at 5:15

• Changed state: Fixed