Add CSRF protection to cron

Created on 1 March 2015, over 9 years ago

Updated 26 May 2023, over 1 year ago

In #2431283: Cron CSRF vulnerability → we are planning to add CSRF protection to cron in the core.
Since admin_menu exposes a link for running cron manually, which points to the core menu callback, its code should be amended to reflect those changes.
We must coordinate and find ways to release this security improvement in the less disruptive way possible.
Please follow the core issue

🐛 Bug report

Status

Fixed

Version

3.0

Component

Code

Created by

🇮🇹Italy willzyx

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment almost 2 years ago →
🇮🇳India newswatch Delhi/Bangalore
Tha patch works. Thank you.
Comment over 1 year ago →
🇨🇦Canada awasson
Any thoughts on when or if this will be rolled to the Stable or Dev versions of Admin Menu?
Comment over 1 year ago →
solideogloria

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024