Bug #24922
closed
Problem with CSRF Protection: Changing access permissions on a sys folder to include a user group
Added by Chris Bischoff over 13 years ago.
Updated about 11 years ago.
Description
Changing access permissions on a sys folder to include a user group throws this error:
"Validating the security token of this form has failed. Please reload the form and submit it again."
Deleting caches and temp files has no effect.
This issue appeared after upgrading from 4.4.6 to 4.5.0.
(issue imported from #M17437)
I could not reproduce that, Chris. I tried using the Web>Access module and then both the "User overview" page and the "Permissions" page, and different methods of changing the group permission, and all of them worked.
Could you be more specific or maybe add a screenshot or two? Thanks!
I've included a screenshot of the backend which illustrates the issue. It happens when I try to add a group to the access permission of the Direct Mail system folder. Could it be related to the Direct Mail extension? I don't know.
Thank you so much for your help.
This seems to come from some extension which enhances the default permission system of TYPO3 by allowing multiple groups per page. This is not standard core behaviour (where you can only assign one group to each page).
Could you please check if you have an extension that does this installed so that we could get in touch with the author to work on a compatible 4.5 variant for it? Thanks!
I believe it would be "Backend ACL" (be_acl). They just released a new version (1.4.1), but the issue still exists.
Sorry that this is not actually a T3 Core issue. I really appreciate your help.
Since be_acl is well known and used a lot around, I'll get in touch with Sebastian (its author) to see if we can have the form protection feature integrated. Attached to this issue is something that "might work", which adds the security token to the pertinent FORM on the XCLASSed file. Try to apply that patch to the be_acl/res/class.ux_sc_mod_web_perm_index.php file.
Thanks for your feedback and I'll close this issue for now, as it's not a core bug.
- Status changed from Closed to Under Review
- Status changed from Under Review to Closed
- Target version deleted (0)
Opened by a gerrit code review, with false issue number. So closing this issue again.