Clicking on /plan/5/buy immediately cancels current subscription. GET modifies state.

Bug #657608 reported by Roman Yepishev
This bug affects 1 person
Affects: Ubuntu One Servers
Status: Fix Released
Importance: High
Assigned to: Martin Albisetti
Milestone:

Bug Description

I clicked a link provided in the customer email:

https://one.ubuntu.com/plans/plan/5/buy/

This immediately canceled my 20Gb subscription. I believe subscription changes should be handled only when a POST request is issued with CSRF protection.

Roman Yepishev (rye)
visibility: private → public
Martin Albisetti (beuno)
Changed in ubuntuone-servers:
status: New → Triaged
importance: Medium → High
Martin Albisetti (beuno)
Changed in ubuntuone-servers:
assignee: Ubuntu One web team (ubuntuone-web) → Martin Albisetti (beuno)
status: Triaged → In Progress
milestone: none → post-m-cleanup
Martin Albisetti (beuno)
Changed in ubuntuone-servers:
status: In Progress → Fix Released
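
The behaviour requested in the bug description, sketched as an added example (not Ubuntu One's code): a safe method only renders a confirmation, and the subscription changes only on a POST that carries a CSRF token bound to the session. The names `buy_plan` and `csrf_token`, the account dictionary and the redirect path are hypothetical.

```python
import hashlib
import hmac
import secrets

# Per-deployment signing key; generated here only so the example runs stand-alone.
SECRET = secrets.token_bytes(32)


def csrf_token(session_id: str) -> str:
    """Derive a token bound to one session, so another site cannot forge it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def buy_plan(method, session_id, form, account, plan_id):
    """Hypothetical handler for a plan-purchase route.

    Returns (status, body). Only a POST with a valid token mutates `account`.
    """
    if method in ("GET", "HEAD"):
        # Safe methods: show a confirmation form, leave the subscription alone.
        # Link prefetchers, mail scanners and plain clicks all land here.
        return 200, {"confirm_plan": plan_id,
                     "csrf_token": csrf_token(session_id)}
    if method != "POST":
        return 405, {"allow": "GET, HEAD, POST"}

    supplied = form.get("csrf_token", "")
    expected = csrf_token(session_id)
    # Constant-time comparison on bytes avoids leaking the token via timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, {"error": "CSRF token missing or invalid"}

    account["plan"] = plan_id          # the only state change in the handler
    return 303, {"location": "/account/"}


if __name__ == "__main__":
    account = {"plan": 20}             # constructed sample account
    print(buy_plan("GET", "sess-a", {}, account, 5)[0], account)
    print(buy_plan("POST", "sess-a", {}, account, 5)[0], account)
    token = csrf_token("sess-a")
    print(buy_plan("POST", "sess-a", {"csrf_token": token}, account, 5)[0], account)
```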