Details
-
Bug
-
Resolution: Fixed
-
Major
-
1.46
-
CSRF, bugfixingday
-
Description
A form_token parameter must be added to the url of the addNewMember
ajax request in XWiki.XWikiGroupSheet:
< var url = "${doc.getURL()}?xpage=adduorg&uorg=" + uorg + "&name=" + input.value; > var url = "${doc.getURL()}?xpage=adduorg&uorg=" + uorg + "&name=" + input.value + "&form_token=$!{services.csrf.getToken()}";