[checkmk-commits] [tribe29/checkmk] 3edd58: 11085 SEC Icon upload: Add missing transaction val...

Branch: refs/heads/1.6.0 Home: https://github.com/tribe29/checkmk Commit: 3edd587dbed6fecebeb17220cca559d27fdb57dd https://github.com/tribe29/checkmk/commit/3edd587dbed6fecebeb17220cca559d27… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-07-03 (Fri, 03 Jul 2020) Changed paths: A .werks/11085 M cmk/gui/wato/pages/icons.py Log Message: ----------- 11085 SEC Icon upload: Add missing transaction validation The transaction IDs (CSRF tokens) were not validated while processing the upload of icons. This alone is not a security hole, rather a lack of validation of this call. Change-Id: Ie014ca7f6714cdbdf58cadf4939c8bd0e4d909f8