[JC-1682] Sending private messages should use only POST (not GET) request - JTalks JIRA

Voters

Watchers

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.3 Larks
Fix Version/s: 2.4 Larks
Labels:
- pm

Sprint:
2.4 Larks

Description

Steps to reproduce
Send GET request like

GET http://qa.jtalks.org/jcommune/pm?id=0&recipient=Check&title=Message+subject&body=Message+content&post=Send HTTP/1.1
Host: qa.jtalks.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://qa.jtalks.org/jcommune/pm/new?senderId=82
Cookie: JSESSIONID=91C0DCFCE96028B739EDD1AD7304765A; SPRING_SECURITY_REMEMBER_ME_COOKIE=dUZJaHJIKy9BZHgxR0lUQmg1a1JwQT09OllYTWZCRDkrSndLTHNwYlhTRUFIQVE9PQ; GMT=-120; org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=en
Connection: keep-alive

(correct request for private message sending but with GET type, not POST)

Actual result
Request succesfully handled

Expected result
Error like "405 Method Not Allowed" should be received

Attachments

Issue Links

relates to

JC-1663 Security testing

Closed

JC-1634 PropertyAccessException in Private Messages

Closed

Structure

Activity

People

Assignee:

Julia Atlygina

Reporter:

Artem R

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

20/Nov/13 9:51 PM

Updated:

15/Dec/13 8:17 PM

Resolved:

10/Dec/13 4:05 PM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: