CSRF Protection (Token) on Forms

2 months 2 weeks ago #120895 by LAC Webadmin
CSRF Protection (Token) on Forms was created by LAC Webadmin
Hi Tuan,

I'm looking at the search bar form (search.php) file and I noticed it is not using Joomla's security token for CSRF protection, <?php echo JHtml::_('form.token'); ?>. Do you have an alternative to this in your RAD framework? I have not checked other form files in Events Booking, but is this something that you are not concerned about?

Thanks,

Jackson

2 months 2 weeks ago #120900 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic CSRF Protection (Token) on Forms
Hi Jackson

No, we don't have an alternative. Actually, at the moment, we don't have that token for the search form. Honestly, I am afraid that at this state, I could not add a token check to it, because if we do that, it will cause issues for users who made customizations to the search form / search module.

So for adding a token check to this search feature, I am afraid we will have to leave it to the next major release (EB version 4).

Regards,

Tuan
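
An added example, not part of the original thread or of the extension's code: a small audit script that lists form blocks in PHP layout files that do not emit Joomla's form.token field, which is the check Jackson describes doing by hand for search.php. The sample markup, variable names and form names are constructed for illustration, and the regex matching is a heuristic (forms echoed from inside PHP code are not seen).

```python
import re
from pathlib import Path

PHP_RE = re.compile(r"<\?(?:php|=).*?\?>", re.S)
FORM_RE = re.compile(r"<form\b(?P<attrs>[^>]*)>.*?</form>", re.I | re.S)
# Joomla 3 spelling (JHtml) and the namespaced alias (HTMLHelper).
TOKEN_RE = re.compile(r"(?:JHtml|HTMLHelper)::_\(\s*['\"]form\.token['\"]\s*\)")
METHOD_RE = re.compile(r"\bmethod\s*=\s*['\"]?(\w+)", re.I)

# Constructed sample layout: the first form has no token, the second does.
SAMPLE = '''<?php defined('_JEXEC') or die; ?>
<form action="<?php echo $searchUrl; ?>" method="post" name="search_form">
  <input type="text" name="search" />
</form>
<form action="<?php echo $saveUrl; ?>" method="post">
  <input type="text" name="title" />
  <?php echo JHtml::_('form.token'); ?>
</form>
'''

def forms_missing_token(source):
    """Return [(line, METHOD)] for each <form> block without form.token."""
    # Blank out PHP blocks (same length, so offsets still line up) because
    # the "?>" inside an attribute would otherwise end the <form> tag early.
    masked = PHP_RE.sub(lambda m: " " * len(m.group()), source)
    findings = []
    for m in FORM_RE.finditer(masked):
        if TOKEN_RE.search(source[m.start():m.end()]):
            continue
        method = METHOD_RE.search(m.group("attrs"))
        line = source.count("\n", 0, m.start()) + 1
        # HTML forms default to GET when no method attribute is present.
        findings.append((line, method.group(1).upper() if method else "GET"))
    return findings

def scan_tree(root):
    """Map each *.php file under root to its forms that lack the token."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        found = forms_missing_token(text)
        if found:
            report[str(path)] = found
    return report

if __name__ == "__main__":
    for line, method in forms_missing_token(SAMPLE):
        print(f"line {line}: {method} form without form.token")
```

A hit only shows that the hidden field is absent from the layout; the token is enforced only when the code handling the request also calls JSession::checkToken().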
