Plugin Uploading Issues - git HEAD

Dear all,

With latest GIT head I’m unable to upload plugins via the admin console of Openfire. Is this the same for everyone?

I did a little manual git bisection and as far as I can tell it seems to have been broken by this commit:

OF-777 CVE-2015-6973 CSRF protection (part 4) · igniterealtime/Openfire@7c49987 · GitHub

The version before still allows file upload.

For what it’s worth, I can get file upload to work if I comment out the CSRF cookie tests in plugin-admin.jsp:65



I can confirm that problem and commented on that here [OF-777] Admin Console Cross Site Request Forgery (CSRF) Vulnerability - IgniteRealtime JIRA

This issue has been brought up in the chat today and i think Guus is planning to make a fix to workaround this problem.