Type-O in Cross Site Request Forgery errors CRSF instead of CSRF
- Status
- Pending
- Subject
- Type-O in Cross Site Request Forgery errors CRSF instead of CSRF
- Category
- Consistency
- Resolution status
- Fix on the Way
- Submitted by
- Michel Ram
- Volunteered to solve
- Elifeleti Mukisa Dan
- Lastmod by
- Ushindi Gedeon
- Rating
- Description
Hey all,
I believe I have found a very minor issue.
There appears to be a typo in the message that shows up when a cross-site request forgery error is reported.
At first glance I think this can simply be adjusted to be CSRF without any problems, as it's not a query but simply a log line that's added. It messed with my head a little when trying to fix it on our site. I thought this must be some new thing I missed out on or something. But it appears to be a typo in the code in some limited places. It's mostly localized in lib/tikiaccesslib.php in some local variables, where a message also gets added to the Action Log that reports CRSF instead of CSRF.
There's also a line in db/tiki.sql and installer/schema/20231119_extend_actionlog_conf_crsf_error_tiki.sql that inserts 'CRSF Error' into the tiki_actionlog_conf table instead of 'CSRF Error'. If this is already known, and not needed to fix, feel free to delete this bug report.
- Solution
- Workaround
- Importance
- 4
- Easy to solve?
- 7
- Priority
- 28
- Ticket ID
- 8766
- Created
- Wednesday 05 March, 2025 10:24:11 UTC by Michel Ram
- LastModif
- Tuesday 18 March, 2025 15:07:42 UTC