Clicking on /plan/5/buy immediately cancels current subscription. GET modifies state.
Bug #657608 reported by
Roman Yepishev
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu One Servers |
Fix Released
|
High
|
Martin Albisetti |
Bug Description
I clicked a link provided in the customer email:
https:/
This immediately canceled my 20Gb subscription. I believe subscription changes should be handled only when POST request is issued with CSRF protection.
visibility: | private → public |
Changed in ubuntuone-servers: | |
status: | New → Triaged |
importance: | Medium → High |
Changed in ubuntuone-servers: | |
assignee: | Ubuntu One web team (ubuntuone-web) → Martin Albisetti (beuno) |
status: | Triaged → In Progress |
milestone: | none → post-m-cleanup |
Changed in ubuntuone-servers: | |
status: | In Progress → Fix Released |
To post a comment you must log in.