diff options
author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-03-28 07:00:30 +0000 |
---|---|---|
committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-03-28 07:00:30 +0000 |
commit | 3359fb5c1cd034aedc05fb961a3360f04a379c49 (patch) | |
tree | efcf93ada9c929ad7c7502d8d5c88cccad7411e2 /modules/comment/comment.test | |
parent | 3520ea515364a528d06fc8ad477a103ff168a1f7 (diff) | |
download | brdo-3359fb5c1cd034aedc05fb961a3360f04a379c49.tar.gz brdo-3359fb5c1cd034aedc05fb961a3360f04a379c49.tar.bz2 |
#66264 by boombatower, grendzy, et al: Remove CSRF vulnerability from comment module.
Diffstat (limited to 'modules/comment/comment.test')
-rw-r--r-- | modules/comment/comment.test | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/comment/comment.test b/modules/comment/comment.test index ec355a13c..f9d151ea7 100644 --- a/modules/comment/comment.test +++ b/modules/comment/comment.test @@ -954,6 +954,10 @@ class CommentApprovalTest extends CommentHelperCase { // Approve comment. $this->drupalLogin($this->admin_user); + $this->drupalGet('comment/1/approve'); + $this->assertResponse(403, t('Forged comment approval was denied.')); + $this->drupalGet('comment/1/approve', array('query' => array('token' => 'forged'))); + $this->assertResponse(403, t('Forged comment approval was denied.')); $this->drupalGet('node/' . $this->node->nid); $this->clickLink(t('approve')); $this->drupalLogout(); |