Typo in Cross Site Request Forgery errors CRSF instead of CSRF

Status
Pending
Subject
Typo in Cross Site Request Forgery errors CRSF instead of CSRF
Category
  • Consistency
Resolution status
Fix on the Way
Submitted by
Michel Ram
Volunteered to solve
Elifeleti Mukisa Dan
Lastmod by
Ushindi Gedeon
Rating
(0)
Description

Hey all,

I believe I have found a very minor issue.
There appears to be a typo in the message that shows up when a cross-site request forgery error is reported.
At first glance I think this can simply be adjusted to be CSRF without any problems, as it's not a query but simply a log line that's added. It messed with my head a little when trying to fix it on our site. I thought this must be some new thing I missed out on or something. But it appears to be a typo in the code in some limited places.

It's mostly localized in lib/tikiaccesslib.php in some local variables, where a message also gets added to the Action Log that reports CRSF instead of CSRF.
There's also a line in db/tiki.sql and installer/schema/20231119_extend_actionlog_conf_crsf_error_tiki.sql that inserts 'CRSF Error' into the tiki_actionlog_conf table instead of 'CSRF Error'.

If this is already known, and not needed to fix, feel free to delete this bug report.

Solution
Workaround
Importance
4
Easy to solve?
7
Priority
28
Demonstrate Bug on Tiki 19+
Demonstrate Bug (older Tiki versions)
Ticket ID
8766
Created
Wednesday 05 March, 2025 10:24:11 UTC
by Michel Ram
LastModif
Tuesday 18 March, 2025 15:07:42 UTC

