I have checked in CSRF protection for the ZODBUserManager, ZODBRoleManager, ZODBGroupManager, and DynamicGroupsPlugin plugins:
http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128301&view=rev
http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128302&view=rev
http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128303&view=rev
http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128304&view=rev
http://svn.zope.org/Products.PluggableAuthService/trunk/?rev=128305&view=rev
I have verified that your exploit is now blocked.
I have checked in CSRF protection for the ZODBUserManager,
ZODBRoleManager, ZODBGroupManager, and DynamicGroupsPlugin
plugins:
http:// svn.zope. org/Products. PluggableAuthSe rvice/trunk/ ?rev=128301& view=rev
http:// svn.zope. org/Products. PluggableAuthSe rvice/trunk/ ?rev=128302& view=rev
http:// svn.zope. org/Products. PluggableAuthSe rvice/trunk/ ?rev=128303& view=rev
http:// svn.zope. org/Products. PluggableAuthSe rvice/trunk/ ?rev=128304& view=rev
http:// svn.zope. org/Products. PluggableAuthSe rvice/trunk/ ?rev=128305& view=rev
I have verified that your exploit is now blocked.