What steps will reproduce the problem?
1. Log in to forum
2. Open the edit page for a post that you have created.
3. Open debugger and run a jQuery.Ajax request to select the form and submit
the serialized data to the edit link.
RISK:
while I performed this in debugger, the same code can be executed from another
page that knows the link while your forum session is still active
SOLUTION:
I solved this by changing the source of the edit() and editSave() functions to
include the captcha request.
What version of the product are you using? On what operating system,
database, and application server/servlet container?
* Product: JForum 2.3.6
* OS: Amazon EC2
* DB: MySql
* AP: tomcat 7
Please provide any additional information below.
Original issue reported on code.google.com by mangelow...@gmail.com on 12 Sep 2014 at 9:15
Original issue reported on code.google.com by
mangelow...@gmail.com
on 12 Sep 2014 at 9:15