14597: deleting question group are not CRSF protected - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

252

ID	Project	Category	View Status	Date Submitted	Last Update

14597	Bug reports	Security	public	2019-03-05 08:15	2019-04-30 09:11

Reporter	DenisChenu	Assigned To	DenisChenu
Priority	none	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	3.15.x

Summary	14597: deleting question group are not CRSF protected
Description	No CRSF protection when deleting Question group
Steps To Reproduce	Add this to group description `index.php?r=admin/questiongroups/sa/delete/surveyid/{SID}/gid/{GID}` Preview, click … group deleted
Additional Information	All DB action must be CRSF protected
Tags	No tags attached.

Bug heat	252
Complete LimeSurvey version number (& build)	3.16.1 github
I will donate to the project if issue is resolved	No
Browser	not relevant
Database type & version	not relevant
Server OS (if known)	not relevant
Webserver software & version (if known)	not relevant
PHP Version	not relevant

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2019-03-05 08:15	DenisChenu	New Issue
2019-03-05 08:15	DenisChenu	Status	new => assigned
2019-03-05 08:15	DenisChenu	Assigned To	=> DenisChenu
2019-03-05 08:16	DenisChenu	Steps to Reproduce Updated
2019-03-05 08:16	DenisChenu	Steps to Reproduce Updated
2019-03-05 08:18	DenisChenu	Product Version	=> 3.15.x
2019-03-05 08:18	DenisChenu	Steps to Reproduce Updated
2019-03-05 08:47	DenisChenu	Status	assigned => resolved
2019-03-05 08:47	DenisChenu	Resolution	open => fixed
2019-03-05 08:47	DenisChenu	Note Added: 50764
2019-04-30 09:11	c_schmitz	Status	resolved => closed

DenisChenu 2019-03-05 08:47 developer ~50764	https://github.com/LimeSurvey/LimeSurvey/commit/5ee2704cf8c07e8a84778b9209b2b4d1143526a2