8/15/25

[#12796] Several Cross Site Request Forgery in Rule Section
Summary Several Cross Site Request Forgery in Rule Section
Queue Ingo
Queue Version 3.1.2
Type Bug
State Resolved
Priority 3. High
Owners Horde Developers (at) , slusarz (at) horde (dot) org
Requester m.benetrix (at) e-secure (dot) com (dot) au
Created 10/25/2013 (4312 days ago)
Due
Updated 10/29/2013 (4308 days ago)
Assigned 10/25/2013 (4312 days ago)
Resolved 10/25/2013 (4312 days ago)
Github Issue Link
Github Pull Request
Milestone 3.1.3
Patch No

History
10/29/2013 04:54:09 PM samuel (dot) wolf (at) wolf-maschinenbau (dot) de Comment #8
When will 3.1.3 be uploaded to pear.horde.org?
http://marc.info/?l=horde-announce&m=138306480208141&w=2
10/29/2013 11:45:21 AM math (dot) parent (at) gmail (dot) com Comment #7
When will 3.1.3 be uploaded to pear.horde.org?
10/25/2013 07:48:57 PM Michael Slusarz State ⇒ Resolved
 
10/25/2013 07:47:03 PM Michael Slusarz Comment #6
Merged to Ingo 3.1.3.
10/25/2013 07:42:07 PM Git Commit Comment #5
Changes have been made in Git (master):

commit e5c585867f908322346b37b43ef6460e7d0096c8
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Thu Oct 24 23:42:23 2013 -0600

     [mms] SECURITY: Protect against CSRF attacks by using tokens on destructive actions (CVE-2013-6275; Bug #12796; Marcela Benetrix <m.benetrix@e-secure.com.au>).

  ingo/docs/CHANGES            |    3 ++
  ingo/lib/Basic/Base.php      |   52 ++++++++++++++++++++++++++++++++++++++++++
  ingo/lib/Basic/Blacklist.php |    7 ++++-
  ingo/lib/Basic/Filters.php   |   16 ++++++++++--
  ingo/lib/Basic/Forward.php   |    3 +-
  ingo/lib/Basic/Rule.php      |   17 +++++++++----
  ingo/lib/Basic/Script.php    |   12 +++++++--
  ingo/lib/Basic/Spam.php      |    3 +-
  ingo/lib/Basic/Vacation.php  |    3 +-
  ingo/lib/Basic/Whitelist.php |    7 ++++-
  ingo/package.xml             |    4 +-
  11 files changed, 107 insertions(+), 20 deletions(-)

http://git.horde.org/horde-git/-/commit/e5c585867f908322346b37b43ef6460e7d0096c8
10/25/2013 08:58:37 AM Jan Schneider Comment #4 (Private)
[Hidden]
10/25/2013 05:46:47 AM Michael Slusarz Comment #3 (Private)
New Attachment: bug_12796.patch
[Hidden]
10/25/2013 05:06:07 AM Michael Slusarz Assigned to Michael Slusarz
Milestone ⇒ 3.1.3
Assigned to Horde Developers
 
10/25/2013 05:05:42 AM Michael Slusarz Comment #2 (Private)
Version ⇒ 3.1.2
Priority ⇒ 3. High
State ⇒ Assigned
Queue ⇒ Ingo
[Hidden]
10/25/2013 01:59:17 AM m (dot) benetrix (at) e-secure (dot) com (dot) au Comment #1 (Private)
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ Several Cross Site Request Forgery in Rule Section
Due ⇒ 11/14/2013
Queue ⇒ Horde Groupware Webmail Edition
Milestone ⇒ 5.1.2
Patch ⇒ No
State ⇒ Unconfirmed
[Hidden]
