Closed asmecher closed 1 year ago
Thanks for the report, @asmecher.
We made the correction, introducing the check that was pointed out.
The pull request has already been accepted and a new version made available in the gallery.
Thanks, @pablovp86, I saw that!
The settings form for this plugin doesn't implement CSRF checks.
This can be added with just a couple of lines.
In the form template, use the {csrf} Smarty helper to add the CSRF data: https://github.com/pkp/oaiJats/blob/0f91a917d3e4ae04826f65cda13b5dd71fb6bfa0/templates/settingsForm.tpl#L26
In the form, add the CSRF check to the form's check list: https://github.com/pkp/oaiJats/blob/0f91a917d3e4ae04826f65cda13b5dd71fb6bfa0/OAIJatsSettingsForm.inc.php#L37
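
As an added illustration (not code from this plugin or from pkp-lib), the stand-alone PHP below models the two steps described in the report: a template helper that emits the session's token as a hidden field, and a CSRF check in the form's check list that rejects submissions without a matching token. The names `csrfToken()`, `csrfField()`, `SettingsFormModel` and the `csrfToken` field name are assumptions made for the example, and the requests are constructed samples.

```php
<?php
// Added illustration: a stand-alone model of the two steps, not pkp-lib code.
// csrfToken(), csrfField(), SettingsFormModel and the field name are assumptions.

/** Return the per-session CSRF token, creating it on first use. */
function csrfToken(array &$session): string {
    if (empty($session['csrfToken'])) {
        $session['csrfToken'] = bin2hex(random_bytes(32));
    }
    return $session['csrfToken'];
}

/** Step 1: the hidden field a template helper adds to the form markup. */
function csrfField(array &$session): string {
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES);
    return '<input type="hidden" name="csrfToken" value="' . $token . '">';
}

/** Step 2: a form whose check list must pass before settings are saved. */
final class SettingsFormModel {
    /** @var callable[] */
    private array $checks = [];

    public function __construct(array &$session) {
        // Accept state-changing submissions over POST only.
        $this->checks[] = fn(string $method, array $post): bool => $method === 'POST';
        // CSRF check: the submitted token must equal the session's token.
        $expected = csrfToken($session);
        $this->checks[] = fn(string $method, array $post): bool =>
            is_string($post['csrfToken'] ?? null)
            && hash_equals($expected, $post['csrfToken']); // constant-time compare
    }

    /** Run every check; the form is valid only if all of them pass. */
    public function validate(string $method, array $post): bool {
        foreach ($this->checks as $check) {
            if (!$check($method, $post)) {
                return false;
            }
        }
        return true;
    }
}

// Constructed sample requests against one session.
$session = [];
$form = new SettingsFormModel($session);
echo csrfField($session), PHP_EOL;
$withToken = ['someSetting' => '1', 'csrfToken' => $session['csrfToken']];
$withoutToken = ['someSetting' => '1']; // submission that lacks the session's token
var_dump($form->validate('POST', $withToken));
var_dump($form->validate('POST', $withoutToken));
var_dump($form->validate('GET', $withToken));
```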