Minor but annoying CSRF bug fixed.

#15664 (ツ) johnfound
Created 21.11.2018, read: 4864 times

A minor, but annoying CSRF vulnerability has been fixed. It allowed an attack on /!logout function through image tags. Such as below:

 [!/!logout][Attack image]
The attack image

Attack image

Of course, now it is safe.

Updating the engine and the templates is recommended.

The changed files can be seen here: Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.

i can not find below files

Modified source/accounts.asm Modified source/ToDo.txt

#15666 (ツ) johnfound
Created 21.11.2018, read: 4847 times

Minor but annoying CSRF bug fixed.

