lepidus / toggleRequiredMetadata

GNU General Public License v3.0

Add CSRF checking to settings form #1

Closed asmecher closed 1 year ago

asmecher commented 1 year ago

The settings form for this plugin doesn't implement CSRF checks.

This can be added with just a couple of lines.

In the form template, use the {csrf} Smarty helper to add the CSRF data: https://github.com/pkp/oaiJats/blob/0f91a917d3e4ae04826f65cda13b5dd71fb6bfa0/templates/settingsForm.tpl#L26

In the form, add the CSRF check to the form's check list: https://github.com/pkp/oaiJats/blob/0f91a917d3e4ae04826f65cda13b5dd71fb6bfa0/OAIJatsSettingsForm.inc.php#L37
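The two steps described above, as an added example that is not part of the original thread and is not code from this plugin or from oaiJats. It assumes an OJS 3.2/3.3-style plugin; the class name `ExampleSettingsForm` and the setting `exampleSetting` are hypothetical.

```php
<?php
// Template side (settingsForm.tpl): place the helper inside the <form> element:
//   <form class="pkp_form" method="post" action="...">
//       {csrf}
//       ...fields...
//   </form>
// {csrf} emits a hidden csrfToken field bound to the user's session.

import('lib.pkp.classes.form.Form');

class ExampleSettingsForm extends Form {
	/** @var Plugin the plugin this form configures */
	protected $plugin;

	/** @var int context (journal) ID */
	protected $contextId;

	public function __construct($plugin, $contextId) {
		$this->plugin = $plugin;
		$this->contextId = $contextId;
		parent::__construct($plugin->getTemplateResource('settingsForm.tpl'));

		// Accept the submission only as a POST request...
		$this->addCheck(new FormValidatorPost($this));
		// ...that carries the session's CSRF token. Without this check,
		// validate() passes for a request forged from another site.
		$this->addCheck(new FormValidatorCSRF($this));
	}

	public function readInputData() {
		$this->readUserVars(['exampleSetting']); // hypothetical setting name
	}

	public function execute(...$functionArgs) {
		$this->plugin->updateSetting(
			$this->contextId,
			'exampleSetting',
			$this->getData('exampleSetting')
		);
		return parent::execute(...$functionArgs);
	}
}

// Caller side (the plugin's manage() handler): the checks registered above
// only run if validate() is called before execute():
//   $form->readInputData();
//   if ($form->validate()) { $form->execute(); }
```

The CSRF check takes effect only when the handler calls `validate()` and saves the settings on success; a handler that calls `execute()` directly bypasses every registered check.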

pablovp86 commented 1 year ago

Thanks for the report, @asmecher.

We made the correction, introducing the check that was pointed out.

The pull request has already been accepted and a new version made available in the gallery.

asmecher commented 1 year ago

Thanks, @pablovp86, I saw that!