2010/5/10 Tom Boutell <[email protected]>: > The bind() call in processForm() allows the ID in the submitted form > to override what you just checked.
Ok, I'm starting to understand now. But CSRF protection should protect against malicious forms crafted by someone else. > (Unless you've hacked up your > processForm, which I can't see. But if it's the standard CRUD one > that's what will happen.) -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
