Task #34563

Story #26376: TER

Mark versions insecure

Added by Joern Bock about 2 years ago. Updated about 2 years ago.

Status: Resolved
Start date: 2012-03-06
Priority: Must have
Due date:
Assignee: Tolleiv Nietsch
% Done: 0%
Category: [FOR] TER
Target version: -
Votes: 0

Description

It is possible to mark a version of an extension as insecure. Unfortunately the checkbox is not saved after hitting the button "Update".

I remember this is caused by an extbase bug. But we need to fix that before launch.


Related issues

related to The typo3.org project - Task #34565: Display status of the version of an extension Resolved 2012-03-06

History

Updated by Georg Ringer about 2 years ago

Please also give the security team some days' time to test those things properly before going live, thanks!

Updated by HDNET about 2 years ago

  • Assignee changed from Kai Vogel to HDNET

Updated by Helmut Hummel about 2 years ago

The current implementation seems buggy. Kai fixed some things on the T3BORD but I don't know if that went into the SVN.

Additionally, I wonder why extensions marked as insecure in the current TER are still visible on preview:

http://preview.typo3.org/extensions/repository/view/t3extplorer

We marked this extension insecure in February (see http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-003/) and the latest extension import seems to be from today, but t3extplorer is visible on preview.

Updated by HDNET about 2 years ago

  • Status changed from New to Under Review
  • Assignee changed from HDNET to Tolleiv Nietsch

We added Review->update to the FlexForm switchableControllerActions in Revision 59862 to the terfe Branch ter_fe2. (http://forge.typo3.org/projects/extension-terfe/repository/revisions/59862)
In addition, there need to be some RealURL changes. We have informed Tolleiv about this. After updating, the plugin must be saved with the new FlexForm settings.

Updated by Christian Zenker about 2 years ago

Pushed changes to show the form only to TER admins in r2269.

Make sure to put the TER guys in the correct group "TER Admin" later on.

Updated by Christian Zenker about 2 years ago

Fixed on typo3.org.

Updated by Tolleiv Nietsch about 2 years ago

  • Status changed from Under Review to Resolved

I assume this works fine now.

Updated by Helmut Hummel about 2 years ago

In fact it did not work until now. There still were problems with the TS configuration which I fixed in the SVN and on the live page now.

Besides that, it could not work because the login is forbidden on the TER FE pages, thus the review part never was shown.

Because of that I put the plugin on a protected page and enabled the login for that page.

http://typo3.org/index.php?id=521

Now it works, but is a bit inconvenient as realurl seems only to be configured for the original branch and the search somehow does not work.
We now have to figure out the correct parameters to show the extension we want.

To sum it up, the original problem is solved, but I will open follow-up tickets to get the final things working.
