Provide a framework for CSRF protection, with tests.

Add CSRF protection to Asset editSave, AssetManager, VersionTags and Group operations.
2009-07-06 16:58:57 +00:00 · 2009-07-06 16:58:57 +00:00 · 5e4db3adb4
commit 5e4db3adb4
parent 4664ab7035
19 changed files with 362 additions and 62 deletions
--- a/lib/WebGUI/i18n/English/WebGUI.pm
+++ b/lib/WebGUI/i18n/English/WebGUI.pm
@ -4475,6 +4475,12 @@ Users may override this setting in their profile.
        lastUpdated => 0,
    },

+    'csrfToken' => {
+        message => 'CSRF Token',
+        lastUpdated => 0,
+        context => 'CSRF = Cross Site Request Forgery, token is a piece of identification',
+    },
+
 };

 1;