View Issue Details

ID: 0000510
Project: Composr
Category: [All Projects] General / Uncategorised
View Status: public
Last Update: 2012-05-27 12:45
Reporter: Chris Graham
Assigned To: Chris Graham
Severity: Minor-bug
Status: resolved
Resolution: fixed
Product Version:
Fixed in Version:
Summary: 0000510: Clickjacking hacks could be performed
Description: Clickjacking hacks work by persuading someone to click a button by directing them to a malicious site that overlays something else on top of the target site (using frames and CSS positioning), and effectively misdirecting the user's click.

Use the newish 'X-Frame-Options' header to protect against this, for forms and for any zone configured as protected.
Tags: No tags attached.
Time estimation (hours):
Sponsorship: open
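
As an added example (not part of this issue or of Composr's code), the Python check below audits captured response headers for the X-Frame-Options protection described above, following the way current browsers interpret the header. The paths and responses are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit captured response headers for X-Frame-Options.
# Paths and header blocks below are constructed sample data.
VALID = {"deny", "sameorigin"}

def xfo_values(raw_headers):
    """Return every X-Frame-Options value, lowercased, with comma lists split."""
    values = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            values.extend(v.strip().lower() for v in value.split(",") if v.strip())
    return values

def framing_verdict(raw_headers):
    """Return (protected, reason) for one response's header block."""
    distinct = set(xfo_values(raw_headers))
    if not distinct:
        return (False, "header missing")
    if len(distinct) > 1:
        # Repeated headers with different values are a conflict, not a policy.
        if distinct & (VALID | {"allowall"}):
            return (True, "conflicting values, all framing blocked")
        return (False, "no recognised value")
    value = distinct.pop()
    if value in VALID:
        return (True, value)
    # ALLOW-FROM and misspellings land here: current browsers ignore them.
    return (False, "unrecognised value ignored: " + value)

def unprotected(samples):
    """Return the sorted paths whose responses can still be framed cross-site."""
    return sorted(p for p, raw in samples.items() if not framing_verdict(raw)[0])

HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "/login-form": HEAD + "X-Frame-Options: SAMEORIGIN\r\n",
    "/contact-form": HEAD,  # header never sent
    "/protected-zone/": HEAD + "x-frame-options: ALLOW-FROM https://partner.example\r\n",
    "/members/": HEAD + "X-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n",
}

if __name__ == "__main__":
    for path, raw in SAMPLES.items():
        print(path, framing_verdict(raw))
    print("needs fixing:", unprotected(SAMPLES))
```

The `/members/` case is reported as protected, but the conflicting headers also block legitimate same-origin framing, so it is still worth correcting.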

Activities

Chris Graham

2012-05-27 12:45

administrator   ~0000540

Fixed in git commit 90d715c (https://github.com/chrisgraham/Composr/commit/90d715c)

A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. Always take backups of files you are replacing, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported.

Chris Graham

2012-05-27 12:45

administrator  

hotfix-510, 2012-05-27 1pm.tar (184,320 bytes)

Chris Graham

2012-05-27 20:07

administrator   ~0000556

Automated response: Parse error in clickjack protection change

Fix accidentally caused parse error.

Chris Graham

2012-05-27 20:07

administrator   ~0000557

Fixed in git commit 8d33a0a (https://github.com/chrisgraham/Composr/commit/8d33a0a - link will become active once code pushed)

A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/).

hotfix-510, 2012-05-27 8pm.tar (51,200 bytes)

Issue History

Date Modified | Username | Field | Change
2023-02-26 18:29 | Chris Graham | Category | General => General / Uncategorised