Bug #59963: Invalid moduleToken in returnUrl of the shortcutMenu - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #59963

closed

Invalid moduleToken in returnUrl of the shortcutMenu

Added by Gernot Schulmeister almost 10 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Backend User Interface

Target version:

Start date:

2014-06-28

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

6.2

PHP Version:

Tags:

Complexity:

easy

Is Regression:

Yes

Sprint Focus:

Description

At the moment the moduleToken of the returnUrl in the shortcutMenu is stored statically in the database in the field url of sys_be_shortcuts.

If the user sets a shortcut for a record (for example be_users) the moduleToken of the returnUrl for this shortcut becomes invalid after he has logged out or if he uses another browser.

The consequence: If he uses the shortcut link and then saves and close or exit the record the invalide module token exception is thrown, see also the attached screenshots.

So also the module token of the returnUrl has to be generated dynamically for each backend session and must not be taken statically from the database. A first working approach could be to do this in the getTokenUrl($url) function of

sysext\backend\Classes\Toolbar\ShortcutToolbarItem.php

where already the module token for the shortcut link is generated. The following code works for me at the moment:

protected function getTokenUrl($url) {
        $parsedUrl = parse_url($url);
        parse_str($parsedUrl['query'], $parameters);
                // parse the returnUrl and replace the module token of it
                if (isset($parameters['returnUrl'])){
                    $parsedReturnUrl = parse_url($parameters['returnUrl']);
                    parse_str($parsedReturnUrl['query'], $returnUrlParameters);
                    if (strpos($parsedReturnUrl['path'], 'mod.php') !== FALSE && isset($returnUrlParameters['M'])) {
                            $module = $returnUrlParameters['M'];
                            unset($returnUrlParameters['M']);
                            unset($returnUrlParameters['moduleToken']);
                            $returnUrl = BackendUtility::getModuleUrl($module, $returnUrlParameters);
                            $parameters['returnUrl'] = $returnUrl;                            
                            $url = $parsedUrl['path']. '?'.http_build_query($parameters);                 
                    }
                }             
        if (strpos($parsedUrl['path'], 'mod.php') !== FALSE && isset($parameters['M'])) {
            $module = $parameters['M'];
            unset($parameters['M']);
            $url = str_replace('mod.php', '', $parsedUrl['path']) . BackendUtility::getModuleUrl($module, $parameters);
        }
        return $url;
    }

Files

Download all files

ShortcutCloseAfterEdit.png (202 KB) ShortcutCloseAfterEdit.png		Gernot Schulmeister, 2014-06-28 16:37
ShortcutInvalidToken.png (175 KB) ShortcutInvalidToken.png		Gernot Schulmeister, 2014-06-28 16:37

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Updated by Markus Klein almost 10 years ago

Gernot, can you please push that to Gerrit. Thanks.

Actions

Copy link

Updated by Frans Saris almost 10 years ago

Is Regression changed from No to Yes

Actions

Copy link

Updated by Gerrit Code Review almost 10 years ago

Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/31386

Actions

Copy link

Updated by Gerrit Code Review almost 10 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/31386

Actions

Copy link

Updated by Gerrit Code Review almost 10 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/31396

Actions

Copy link