Actions
Task #55515
closed
Epic #55070: Workpackages
Epic #55066: WP: Security enhancements
Add CSRF Protection for tce_file.php
Start date:
2014-01-31
Due date:
% Done:
100%
Estimated time:
32.00 h
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Sprint Focus:
Description
tce_file.php works as API/ entry point for file operations and must be CSRF protected (like tce_db.php)
- Add token check in tce_file.php
- Search all places where tce_file.php is used and add the token
- Especially all JS (d&d fileupload) needs to get the token (d&d upload is handled by ajax.php and needs special handling. This will be targeted in another change)
Updated by Alexander Schnitzler about 10 years ago
- Assignee set to Alexander Schnitzler
Updated by Gerrit Code Review about 10 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27691
Updated by Gerrit Code Review about 10 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27691
Updated by Gerrit Code Review about 10 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27691
Updated by Anonymous about 10 years ago
- Status changed from Under Review to Resolved
- % Done changed from 30 to 100
Applied in changeset 75281c9c7193fb28464a409836d4c8f7a79af9b9.
Updated by Riccardo De Contardi over 6 years ago
- Status changed from Resolved to Closed
Actions