Homestyx hydra
Diffusion hydra bcf255e9c96b

Require CSRF submission to verify email addresses
bcf255e9c96b
Actions

Description

Require CSRF submission to verify email addresses

Summary: If an attacker somehow intercepts a verification URL for an email address, they can hypothetically CSRF the account owner into verifying it. What you'd do before (how do you get the link?) and after (why do you care that you tricked them into verifying) performing this attack is unclear, but in theory we should require a CSRF submission here; add one.

Test Plan: {F118691}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8351

Details

Provenance
epriestleyAuthored on Feb 26 2014, 2:17 PM
sirocylPushed on Oct 16 2024, 5:49 AM
Parents
R1:424ba2e58887: Render inline comments in "Pro" mail
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (1)

PathSize
src/
applications/
auth/
controller/

R1:bcf255e9c96b

View Options

src/applications/auth/controller/PhabricatorEmailVerificationController.php

Loading...
styx copyright 2020 sirocyl / ellie (kymkdd) / ncommander / styx contributors
Use of other names and brands is not intended to reflect a claim of, or right to, use the name or brand.
styx is an operating system using the Linux kernel and components, and "styx Linux" as a phrase does not reflect the inclusion of the Linux brand or trademark in the styx project.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Terms and Conditions (TODO: fix this!)