ElkArte Community

Elk Development => Feature Discussion => Exterminated Features => Topic started by: emanuele on May 07, 2016, 04:13:13 pm

Title: Anti-CSRF fix in img tag useless?
Post by: emanuele on May 07, 2016, 04:13:13 pm
Good point:
http://www.simplemachines.org/community/index.php?topic=545700.0

Quote from: qc
However, it has always been and is still possible to include images with such an "action"-URL by simply pointing to an HTTP-redirect, e.g. [img]http://bit.ly/blabla[/img] with http://bit.ly/blabla redirecting to /index.php?action=DANGEROUS

In summary: this fix never worked, and should therefore be removed. The underlying problem that this fix was addressing should be fixed directly by e.g. introducing CSRF protection tokens where they are still missing (e.g. search).
Title: Re: Anti-CSRF fix in img tag useless?
Post by: Frenzie on May 08, 2016, 04:32:43 am
I thought the referer [sic] header was checked for that purpose?
Title: Re: Anti-CSRF fix in img tag useless?
Post by: emanuele on May 08, 2016, 04:42:32 am
The idea is exactly that one (not only the referer but the section id as well). The reason I posted that one is because I'd like to be sure there isn't any place left that doesn't use checkSession. ;)
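
The contrast discussed in this thread, as an added example that is not part of any post and is not ElkArte's code: a post-time [img] URL filter next to a per-session token check done by the action handler itself. All function names, the host forum.example and the token layout are assumptions; ElkArte's real checkSession is not reproduced here.

```php
<?php
// Added illustration; function names and sample data are hypothetical, not ElkArte code.

// Approach 1: post-time filter on [img] URLs. It can only inspect the URL as
// written in the post, never where that URL redirects once a browser loads it.
function img_url_passes_filter(string $url, string $forumHost): bool
{
    $host = parse_url($url, PHP_URL_HOST);
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    // Reject only same-host URLs that carry an action parameter.
    return !($host === $forumHost && isset($query['action']));
}

// Approach 2: per-session token verified by the action handler.
function new_session_token(): array
{
    // Random parameter name and value, kept server-side in the session.
    return ['var' => 'v' . bin2hex(random_bytes(4)), 'id' => bin2hex(random_bytes(16))];
}

function request_has_valid_token(array $session, array $request): bool
{
    $sent = $request[$session['var']] ?? null;
    // Constant-time comparison; a missing or non-string value never matches.
    return is_string($sent) && hash_equals($session['id'], $sent);
}

// Constructed sample data.
$forumHost = 'forum.example';
$session = new_session_token();

// The filter sees the direct form, but the redirector URL from the quote
// contains nothing for it to match on.
var_dump(img_url_passes_filter('http://forum.example/index.php?action=DANGEROUS', $forumHost));
var_dump(img_url_passes_filter('http://bit.ly/blabla', $forumHost));

// Request as it arrives after an image redirect: cookies attached, no token.
var_dump(request_has_valid_token($session, ['action' => 'DANGEROUS']));

// Request built from the forum's own form or link, which embeds the token.
var_dump(request_has_valid_token(
    $session,
    ['action' => 'DANGEROUS', $session['var'] => $session['id']]
));
```

The token check holds regardless of how the browser was led to the URL, which is why it has to be present on every state-changing action rather than relying on what the post parser lets through.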