Commit a9c2c2dc authored by alexpott's avatar alexpott

Issue #2431283 by willzyx, David_Rothstein: Cron CSRF vulnerability

parent 8d4e4121
......@@ -102,7 +102,7 @@ public function testUpdateCron() {
sleep(1);
// Test: Execute cron and check if tasks are executed correctly.
// Run cron to process the tasks in the queue.
$this->drupalGet('admin/reports/status/run-cron');
$this->cronRun();
drupal_static_reset('locale_translation_get_file_history');
$history = locale_translation_get_file_history();
......
......@@ -106,4 +106,20 @@ function testCronUI() {
// the time will start at 1 January 1970.
$this->assertNoText('years');
}
/**
* Ensure that the manual cron run is working.
*/
public function testManualCron() {
$admin_user = $this->drupalCreateUser(array('administer site configuration'));
$this->drupalLogin($admin_user);
$this->drupalGet('admin/reports/status/run-cron');
$this->assertResponse(403);
$this->drupalGet('admin/reports/status');
$this->clickLink(t('run cron manually'));
$this->assertResponse(200);
$this->assertText(t('Cron ran successfully.'));
}
}
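Review bot: testManualCron() covers the rejection path only for a request with no token at all; a request carrying a wrong token value is never exercised, and nothing asserts that cron did not run on the rejected request. After the first `$this->assertResponse(403);` I would add `$this->drupalGet('admin/reports/status/run-cron', array('query' => array('token' => 'invalid')));` followed by a second `$this->assertResponse(403);`. Checking that the last-run timestamp is unchanged after the 403 would also confirm the controller was never reached. The docblock could name what is being guarded, e.g. `Ensure that the manual cron run works only through the tokenized link.`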
......@@ -219,6 +219,7 @@ system.run_cron:
_controller: '\Drupal\system\CronController::runManually'
requirements:
_permission: 'administer site configuration'
_csrf_token: 'TRUE'
entity.date_format.collection:
path: '/admin/config/regional/date-time'
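Review bot: The new `_csrf_token: 'TRUE'` requirement on system.run_cron has no comment, and the reason is worth recording: the route performs a state-changing action on a plain GET, so the token is what stops a cross-site request from triggering cron in a logged-in administrator's session. I would add `# Running cron changes state on a GET request; require a token so other sites cannot trigger it.` above the requirement. Because the token travels in the query string it can end up in access logs and browser history, so if the rest of the route definition (which starts outside this hunk) allows it, putting the action behind a POST form would avoid that exposure. Any link to this path that is not built through the URL generator will now return 403, which appears to be why the locale test in this commit switched to `cronRun()`.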
......