Opened 4 years ago
Last modified 4 years ago
#55923 new defect (bug)
Search by month can be changed to search invalid month
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | |
| Focuses: | Cc: |
Description
In admin 'Posts' page, the search date can be selected by drop down menu:
However, client-side attackers can bypass items in drop down menu by intercepting the 'm' field in request, which will return data from other months that are not included in the drop down menu.
Note: See
TracTickets for help on using
tickets.
Thanks for reporting the ticket,
But I am not sure about validating filters. who has the right access can see posts by the filters only otherwise access is denied.