View Issue Details

Jump to NotesJump to History
This issue affects 1 person(s).
 252
IDProjectCategoryView StatusDate SubmittedLast Update
14597Bug reportsSecuritypublic2019-03-05 08:152019-04-30 09:11
ReporterDenisChenu Assigned ToDenisChenu  
PrioritynoneSeveritypartial_block 
Status closedResolutionfixed 
Product Version3.15.x 
Summary14597: deleting question group are not CRSF protected
Description

No CRSF protection when deleting Question group

Steps To Reproduce

Add this to group description
<a href="index.php?r=admin/questiongroups/sa/delete/surveyid/{SID}/gid/{GID}">Click here</a>

Preview, click … group deleted

Additional Information

All DB action must be CRSF protected

TagsNo tags attached.
Bug heat252
Complete LimeSurvey version number (& build)3.16.1 github
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database type & versionnot relevant
Server OS (if known)not relevant
Webserver software & version (if known)not relevant
PHP Versionnot relevant

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2019-03-05 08:47

developer   ~50764

https://github.com/LimeSurvey/LimeSurvey/commit/5ee2704cf8c07e8a84778b9209b2b4d1143526a2

Issue History

Date Modified Username Field Change
2019-03-05 08:15 DenisChenu New Issue
2019-03-05 08:15 DenisChenu Status new => assigned
2019-03-05 08:15 DenisChenu Assigned To => DenisChenu
2019-03-05 08:16 DenisChenu Steps to Reproduce Updated
2019-03-05 08:16 DenisChenu Steps to Reproduce Updated
2019-03-05 08:18 DenisChenu Product Version => 3.15.x
2019-03-05 08:18 DenisChenu Steps to Reproduce Updated
2019-03-05 08:47 DenisChenu Status assigned => resolved
2019-03-05 08:47 DenisChenu Resolution open => fixed
2019-03-05 08:47 DenisChenu Note Added: 50764
2019-04-30 09:11 c_schmitz Status resolved => closed