Feature #7297

Add CSRF token to course backup import method

Added by Yannick Warnier almost 5 years ago. Updated over 4 years ago.

Status: Feature implemented
Priority: Normal
Category: Backup
Target version:
Start date: 26/09/2014
Due date:
% Done: 100%
Estimated time: 1.00 h
Spent time:
Complexity: Normal
SCRUM pts - complexity: ?

Description

In the course backup import method, there doesn't seem to be a CSRF protection, which also means that a simple refresh of the page re-executes the import.
This is an issue, in particular in distributed clusters, as the cluster itself might decide, if the operation takes too long, to ask another back-end, and in this case you end up with as many imports as the number of back-ends.

Please add CSRF validation to course export, course import and course copy.

Associated revisions

Revision 729da0e9 (diff)
Added by Yannick Warnier over 4 years ago

Minor - code indentation - refs #7297

History

#1

Updated by Yannick Warnier almost 5 years ago

Ping Julio

#2

Updated by Yannick Warnier almost 5 years ago

  • Estimated time set to 1.00 h

Julio, I think this shouldn't take you too long and it's going to be complicated to assign to anyone else.
This requires changes to the formValidator in the backups to use the Security class and add a token.

#3

Updated by Yannick Warnier almost 5 years ago

  • Assignee changed from Julio Montoya to Daniel Barreto

#4

Updated by Daniel Barreto over 4 years ago

  • % Done changed from 0 to 40

Things done:
  1. Add Security token (generate, add to form, check, clear) to these scripts:
    main/coursecopy/copy_course.php
    main/coursecopy/copy_course_session.php
    main/coursecopy/create_backup.php
    main/coursecopy/import_backup.php
    main/coursecopy/recycle_course.php

Send PR#389

https://github.com/chamilo/chamilo-lms/pull/389
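
The token lifecycle listed in comment #4 (generate, add to form, check, clear), as an added PHP example that is not Chamilo's code or the content of PR #389: `csrf_generate`, `csrf_consume`, `handle_import` and the `sec_token` field name are hypothetical, and `$session` stands in for `$_SESSION`. It clears the token as soon as the check passes, before the slow import starts, so a refresh or a retried request is rejected; across several back-ends this assumes a shared session store.

```php
<?php
// Added illustration: hypothetical helpers, not Chamilo's Security class.
// $session stands in for $_SESSION so the script runs from the CLI.

// Generate: create a fresh random token and remember it server-side.
function csrf_generate(array &$session): string
{
    $session['sec_token'] = bin2hex(random_bytes(32));
    return $session['sec_token'];
}

// Check and clear: a matching token is removed immediately, so it is
// valid for exactly one request. A failed check leaves the stored token
// alone, so a forged request cannot invalidate the user's open form.
function csrf_consume(array &$session, $submitted): bool
{
    $expected = $session['sec_token'] ?? null;
    if (!is_string($expected) || !is_string($submitted)
        || !hash_equals($expected, $submitted)) {
        return false;
    }
    unset($session['sec_token']);
    return true;
}

// Import handler: the token is consumed before any long-running work.
function handle_import(array &$session, array $post, int &$imports): string
{
    if (!csrf_consume($session, $post['sec_token'] ?? null)) {
        return 'rejected';
    }
    $imports++; // placeholder for the actual backup import
    return 'imported';
}

// Constructed walk-through of three requests against one session.
$session = [];
$imports = 0;

// Add to form: the GET request renders the token as a hidden field.
$token = csrf_generate($session);
$post  = ['sec_token' => $token, 'backup' => 'course.zip'];

echo handle_import($session, $post, $imports), PHP_EOL; // first submit
echo handle_import($session, $post, $imports), PHP_EOL; // refresh, same POST body
echo handle_import($session, ['backup' => 'x.zip'], $imports), PHP_EOL; // POST without token
echo "imports run: $imports", PHP_EOL;
```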

#5

Updated by Yannick Warnier over 4 years ago

  • Status changed from Assigned to Feature implemented
  • % Done changed from 40 to 100

Reviewed and merged.
