This module doesn't check to see whether the user intended to load the URL when a vote is cast, leaving the module open to a CSRF attack, the scope of which is limited to unwittingly casting votes. Adding a token to the end of the URL should suffice.
Comments
Comment #1
greggles
subscribe
Comment #2
joshk commented
handled by dmitrig
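
The token check proposed in the issue, as an added example that is not part of the original thread or the module's code. It is standalone PHP; the function names, the `vote/<id>/<value>` path layout, the secret and the session ids are all assumptions made for illustration.

```php
<?php
// Added example: a vote link protected by a per-session token.
// All names here are hypothetical, not taken from the module.

// Constructed sample secret; a real site keeps a random private key server-side.
const SITE_SECRET = 'constructed-sample-secret';

// Token = HMAC over the session id and the exact action path, so it is
// useless in another user's session or for a different vote.
function vote_token(string $sessionId, string $action): string {
    $mac = hash_hmac('sha256', $sessionId . "\n" . $action, SITE_SECRET, true);
    return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

// Build the link the page renders for the logged-in user.
function vote_url(string $sessionId, int $contentId, int $value): string {
    $action = "vote/$contentId/$value";
    return "/$action?token=" . vote_token($sessionId, $action);
}

// Accept the vote only if the path is well formed and the token matches.
function vote_request_is_valid(string $sessionId, string $path, array $query): bool {
    $token = $query['token'] ?? '';
    if (!is_string($token) || !preg_match('#^vote/\d+/-?\d+$#', $path)) {
        return false;
    }
    // hash_equals() compares in constant time.
    return hash_equals(vote_token($sessionId, $path), $token);
}

// Constructed sample requests, all arriving with the first user's session cookie.
$alice = 'sess-alice-constructed';
$mallory = 'sess-mallory-constructed';
parse_str((string) parse_url(vote_url($alice, 42, 1), PHP_URL_QUERY), $good);
parse_str((string) parse_url(vote_url($mallory, 42, 1), PHP_URL_QUERY), $other);

$cases = [
    'link rendered for this session'    => ['vote/42/1', $good],
    'cross-site request, no token'      => ['vote/42/1', []],
    'token minted for another session'  => ['vote/42/1', $other],
    'token reused for a different vote' => ['vote/42/-1', $good],
];
foreach ($cases as $label => [$path, $query]) {
    $ok = vote_request_is_valid($alice, $path, $query);
    printf("%-34s %s\n", $label, $ok ? 'vote counted' : 'rejected');
}
```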