Plugin Uploading Issues - git HEAD

Daniel_Hams · June 9, 2016, 9:23am

Dear all,

With latest GIT head I’m unable to upload plugins via the admin console of Openfire. Is this the same for everyone?

I did a little manual git bisection and as far as I can tell it seems to have been broken by this commit:

OF-777 CVE-2015-6973 CSRF protection (part 4) · igniterealtime/Openfire@7c49987 · GitHub

The version before still allows file upload.

For what it’s worth, I can get file upload to work if I comment out the CSRF cookie tests in plugin-admin.jsp:65

Cheers,

Dan

wroot · June 9, 2016, 1:39pm

I can confirm that problem and commented on that here [OF-777] Admin Console Cross Site Request Forgery (CSRF) Vulnerability - IgniteRealtime JIRA

wroot · June 10, 2016, 12:40pm

This issue has been brought up in the chat today and i think Guus is planning to make a fix to workaround this problem.