Closed jsyeo closed 8 years ago
Upmin is no longer maintained, you might want to look at https://github.com/thoughtbot/administrate instead.
If you're actively using Upmin, and wish to take over development, I'm sure the owner would be open to it.
@mbrookes yep, I am aware of that. I am just submitting this PR just in case there are people still using upmin. Do note that the maintainer announced that he is no longer maintaining this only just five months ago.
Just saying. :smile: I'll merge without review, but it's unlikely to get published.
Thanks!
Both `DashboardController` and `ModelsController` inherit from `ApplicationController`, which is a direct subclass of `ActionController::Base` but doesn't call `protect_from_forgery` to turn on CSRF protection. Thus all the controllers in upmin are potentially vulnerable to CSRF attacks. This PR inserts a call in upmin's `ApplicationController` to turn on CSRF verification in the application.
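The mechanism behind this PR, as an added example that is not part of the PR, of upmin, or of Rails: a Rails engine's `ApplicationController` that subclasses `ActionController::Base` directly is not a descendant of the host application's `ApplicationController`, so the host's `protect_from_forgery` never runs for the engine's actions. The model below is a constructed stand-in for the Rails controller hierarchy (class names, the `dispatch` method, the session and params hashes, and the token check itself are all assumptions made to keep the example self-contained, not Rails' API); it shows a forged POST succeeding against the engine base as it was and being rejected once the engine base calls `protect_from_forgery` itself.

```ruby
require "securerandom"

# Constructed model of the controller hierarchy discussed in the PR. This is
# not Rails or upmin code; it mimics only the inheritance of before-actions and
# a session-bound CSRF token check, enough to show why an engine base that
# skips protect_from_forgery leaves its controllers exposed.

class InvalidAuthenticityToken < StandardError; end

# Stand-in for ActionController::Base: a per-class before-action list that
# subclasses copy on inheritance, and a forgery check that is off by default.
class ControllerBase
  attr_reader :session, :params, :request_method

  def self.before_actions
    @before_actions ||= []
  end

  def self.inherited(sub)
    super
    sub.instance_variable_set(:@before_actions, before_actions.dup)
  end

  # Only the :exception strategy is modeled here (assumption).
  def self.protect_from_forgery(with: :exception)
    before_actions << :verify_authenticity_token
  end

  def initialize(session:, params:, request_method: "POST")
    @session, @params, @request_method = session, params, request_method
  end

  def dispatch(action)
    self.class.before_actions.each { |cb| send(cb) }
    send(action)
  end

  private

  # Non-idempotent requests must carry a token equal to the one in the session.
  def verify_authenticity_token
    return if %w[GET HEAD].include?(request_method)
    submitted = params["authenticity_token"].to_s
    expected  = session["_csrf_token"].to_s
    raise InvalidAuthenticityToken if expected.empty? || !secure_compare(submitted, expected)
  end

  # Constant-time comparison so the check does not leak the token byte by byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# The host application's base controller turns CSRF protection on...
class HostApplicationController < ControllerBase
  protect_from_forgery with: :exception
end

# ...but the engine's base (before the PR) subclasses ControllerBase directly,
# so HostApplicationController is not in its ancestor chain and the host's
# protect_from_forgery never applies to engine actions.
class EngineApplicationControllerBefore < ControllerBase
end

# After the PR: the engine's own base enables the check for all its subclasses.
class EngineApplicationControllerAfter < ControllerBase
  protect_from_forgery with: :exception
end

class UnprotectedModelsController < EngineApplicationControllerBefore
  def destroy; :deleted; end
end

class ProtectedModelsController < EngineApplicationControllerAfter
  def destroy; :deleted; end
end

# A cross-site POST: the victim's session holds a token, but the attacker's
# form cannot read it, so the request arrives without one.
def forged_post(controller_class)
  session = { "_csrf_token" => SecureRandom.hex(16) }
  controller_class.new(session: session, params: {}).dispatch(:destroy)
rescue InvalidAuthenticityToken
  :rejected
end

# A same-site POST: the form rendered by the app carries the session's token.
def same_site_post(controller_class)
  token = SecureRandom.hex(16)
  session = { "_csrf_token" => token }
  controller_class.new(session: session,
                       params: { "authenticity_token" => token }).dispatch(:destroy)
rescue InvalidAuthenticityToken
  :rejected
end
```

The point to carry back to a real engine: check `EngineController.ancestors` in a Rails console; if the host's `ApplicationController` is absent, the engine's own base must call `protect_from_forgery` (and the engine's forms must render `form_authenticity_token`), because the host's setting does nothing for it.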