Opened 6 years ago

Closed 6 years ago

#2178 closed enhancement (fixed)

Tabindexes on CSRF-Page

Reported by: ramon.wenger Owned by: comvation
Priority: normal Milestone: unknown
Component: other(specify) Version: 3.1.1
Severity: normal Keywords:
Cc:

Description

Please change the HTML-code on the CSRF-page as follows:

<div id="container">

<h1 id="title">Contrexx security information</h1> <div id="message">You are changing the system configuration. If you see this message<ul><li>after clicking a link in the administration interface, click <a tabindex="-1" href="javascript:sendData();">save changes</a></li><li>after clicking a link inside an e-mail message or outside the administration interface, click <a tabindex="-1" href="index.php?cmd=pm&amp;csrf=MjAxNDIyNzQ4NzYxMg">discard changes</a></li></ul></div> <a id="abort" class="button" href="index.php?cmd=pm&amp;csrf=MjAxNDIyNzQ4NzYxMg" tabindex="1">discard changes</a> <a id="continue" class="button" href="javascript:sendData();" tabindex="2">save changes</a> <form method="get" action="/po/cadmin/index.php?-term=cobra&amp;search_project=Search&amp;assigned_to=0&amp;project_type=0&amp;status=0&amp;priority=0&amp;invoice_filter%5B0%5D=3&amp;invoice_filter%5B1%5D=2&amp;StartDate?=&amp;EndDate?=&amp;cmd=pm&amp;act=projects" id="theForm"><input type="hidden" name="csrf" value="MjAxNDIyNzQ4NzYxMg"><input type="hidden" name="search_project" value="Search"><input type="hidden" name="assigned_to" value="0"><input type="hidden" name="project_type" value="0"><input type="hidden" name="status" value="0"><input type="hidden" name="priority" value="0"><input type="hidden" name="invoice_filter[0]" value="3"><input type="hidden" name="invoice_filter[1]" value="2"><input type="hidden" name="StartDate?" value=""><input type="hidden" name="EndDate?" value=""><input type="hidden" name="cmd" value="pm"><input type="hidden" name="act" value="projects"></form>

</div>

Change History (1)

comment:1 Changed 6 years ago by riesen

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.