#66264 by boombatower, grendzy, et al: Remove CSRF vulnerability from comment module.

author: Angie Byron <webchick@24967.no-reply.drupal.org> 2010-03-28 07:00:30 +0000
committer: Angie Byron <webchick@24967.no-reply.drupal.org> 2010-03-28 07:00:30 +0000
commit: 3359fb5c1cd034aedc05fb961a3360f04a379c49 (patch)
tree: efcf93ada9c929ad7c7502d8d5c88cccad7411e2 /modules/comment/comment.test
parent: 3520ea515364a528d06fc8ad477a103ff168a1f7 (diff)
download: brdo-3359fb5c1cd034aedc05fb961a3360f04a379c49.tar.gz
brdo-3359fb5c1cd034aedc05fb961a3360f04a379c49.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/comment/comment.test b/modules/comment/comment.test
index ec355a13c..f9d151ea7 100644
--- a/modules/comment/comment.test
+++ b/modules/comment/comment.test
@@ -954,6 +954,10 @@ class CommentApprovalTest extends CommentHelperCase {
 
     // Approve comment.
     $this->drupalLogin($this->admin_user);
+    $this->drupalGet('comment/1/approve');
+    $this->assertResponse(403, t('Forged comment approval was denied.'));
+    $this->drupalGet('comment/1/approve', array('query' => array('token' => 'forged')));
+    $this->assertResponse(403, t('Forged comment approval was denied.'));
     $this->drupalGet('node/' . $this->node->nid);
     $this->clickLink(t('approve'));
     $this->drupalLogout();
author	Angie Byron <webchick@24967.no-reply.drupal.org>	2010-03-28 07:00:30 +0000
committer	Angie Byron <webchick@24967.no-reply.drupal.org>	2010-03-28 07:00:30 +0000
commit	3359fb5c1cd034aedc05fb961a3360f04a379c49 (patch)
tree	efcf93ada9c929ad7c7502d8d5c88cccad7411e2 /modules/comment/comment.test
parent	3520ea515364a528d06fc8ad477a103ff168a1f7 (diff)
download	brdo-3359fb5c1cd034aedc05fb961a3360f04a379c49.tar.gz brdo-3359fb5c1cd034aedc05fb961a3360f04a379c49.tar.bz2