mystamps icon indicating copy to clipboard operation
mystamps copied to clipboard
verified publisher icon php-coder

Add integration tests for checking that secured resources can't be accessed with modified URL

Open php-coder opened this issue 9 years ago • 2 comments

After applying fix against CVE-2016-5007 (see 10a7f23efb1a5c8307154ec0d9818fb0102c4ddf) we also should add integration tests to ensure that, for example, unauthorized user can't access /series/add by changing URL to /series/add/ or /series/add.html

php-coder avatar Jul 11 '16 13:07 php-coder

These tests also should cover the similar issue with /series/add/category/test and /series/add/country/test from #445

php-coder avatar Aug 17 '16 18:08 php-coder

These tests also should cover the similar issue with /series/add/category/test and /series/add/country/test from #445

Since e579d538ce38824bf746f72e2653a6ad76f73862 commit URLs were changed to: /series/add?category=test and /series/add?country=test respectively.

php-coder avatar Dec 27 '16 19:12 php-coder