Index: t3lib/formprotection/class.t3lib_formprotection_abstract.php
===================================================================
--- t3lib/formprotection/class.t3lib_formprotection_abstract.php (revision 10383)
+++ t3lib/formprotection/class.t3lib_formprotection_abstract.php (working copy)
@@ -56,6 +56,20 @@
 protected $tokens = array();
 
 /**
+ * Tokens that have been added during this request.
+ *
+ * @var array
+ */
+ protected $addedTokens = array();
+
+ /**
+ * Token ids of tokens that have been dropped during this request.
+ *
+ * @var array
+ */
+ protected $droppedTokenIds = array();
+
+ /**
 * Constructor. Makes sure existing tokens are read and available for
 * checking.
 */
@@ -123,6 +137,7 @@
 'action' => $action,
 'formInstanceName' => $formInstanceName,
 );
+ $this->addedTokens[$tokenId] = $this->tokens[$tokenId];
 $this->preventOverflow();
 
 return $tokenId;
@@ -219,10 +234,31 @@
 protected function dropToken($tokenId) {
 if (isset($this->tokens[$tokenId])) {
 unset($this->tokens[$tokenId]);
+ $this->droppedTokenIds[] = $tokenId;
 }
 }
 
 /**
+ * Persisting of tokens is only required, if tokens are
+ * deleted or added during this request.
+ *
+ * @return boolean
+ */
+ protected function isPersistingRequired() {
+ return !empty($this->droppedTokenIds) || !empty($this->addedTokens);
+ }
+
+ /**
+ * Reset the arrays of added or deleted tokens.
+ *
+ * @return void
+ */
+ protected function resetPersistingRequiredStatus() {
+ $this->droppedTokenIds = array();
+ $this->addedTokens = array();
+ }
+
+ /**
 * Checks whether the number of current tokens still is at most
 * $this->maximumNumberOfTokens.
 *
Index: t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php
===================================================================
--- t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php (revision 10383)
+++ t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php (working copy)
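Review bot: In dropToken() (third hunk of class.t3lib_formprotection_abstract.php) a token that was added earlier in the same request stays in `$addedTokens` after it is dropped, so the two bookkeeping arrays can disagree. The result is only correct because updateTokens() in the backend subclass unsets the dropped ids after it has merged the added ones; a subclass that merges in another order would write a dropped token back into the session. Adding `unset($this->addedTokens[$tokenId]);` next to `$this->droppedTokenIds[] = $tokenId;` keeps that invariant inside the abstract class instead of in every subclass.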
@@ -139,6 +139,19 @@
 }
 
 /**
+ * Overrule the method in the absract class, because we can drop the
+ * whole locking procedure, which is done in persistTokens, if we
+ * simply want to delete all tokens.
+ *
+ * @see t3lib/formprotection/t3lib_formprotection_Abstract::clean()
+ */
+ public function clean() {
+ $this->tokens = array();
+ $this->backendUser->setAndSaveSessionData('formTokens', $this->tokens);
+ $this->resetPersistingRequiredStatus();
+ }
+
+ /**
 * Creates or displayes an error message telling the user that the submitted
 * form token is invalid.
 *
@@ -184,7 +197,10 @@
 protected function updateTokens() {
 $this->backendUser->user = $this->backendUser->fetchUserSession(TRUE);
 $tokens = $this->retrieveTokens();
- $this->tokens = array_merge($this->tokens, $tokens);
+ $this->tokens = array_merge($tokens, $this->addedTokens);
+ foreach ($this->droppedTokenIds as $tokenId) {
+ unset($this->tokens[$tokenId]);
+ }
 }
 
 /**
@@ -194,12 +210,15 @@
 * @return void
 */
 public function persistTokens() {
- $lockObject = $this->acquireLock();
+ if ($this->isPersistingRequired()) {
+ $lockObject = $this->acquireLock();
 
- $this->updateTokens();
- $this->backendUser->setAndSaveSessionData('formTokens', $this->tokens);
+ $this->updateTokens();
+ $this->backendUser->setAndSaveSessionData('formTokens', $this->tokens);
+ $this->resetPersistingRequiredStatus();
 
- $this->releaseLock($lockObject);
+ $this->releaseLock($lockObject);
+ }
 }
 
 /**
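Review bot: clean() writes the empty token list without the lock that persistTokens() takes, so it can interleave with persistTokens() in a concurrent request of the same session. That request may already have read the old session tokens in updateTokens() and will save them again after clean() has emptied the list. If clean() is meant to invalidate every outstanding form token (its callers are not visible in this diff), some tokens can survive it. Either wrap the two writes in `$lockObject = $this->acquireLock();` and `$this->releaseLock($lockObject);`, or state in the docblock that clean() is only safe when no other request of the session is still running.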
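Review bot: The list built in updateTokens() is saved without being checked against `$this->maximumNumberOfTokens`; the only visible call to preventOverflow() is in the token-adding code of the abstract class, where it sees this request's view alone. When several requests of one session add tokens in parallel, each one persists the session's tokens plus its own additions, so the stored list can exceed the limit, presumably until the next token is added. Calling `$this->preventOverflow();` after the `foreach` would cap the merged list, assuming that method only trims `$this->tokens` through dropToken(); its body is outside this diff.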
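Review bot: Inside the new `if` block of persistTokens() the lock is released only on the straight-line path, so an exception from updateTokens() or setAndSaveSessionData() would leave it held. Whether those calls can throw, and how a stale lock expires, is not visible in this diff, but a stuck lock on the token store would block later requests from persisting tokens. Releasing in a catch block and rethrowing keeps the lock scope tight; the fence uses try/catch rather than `finally` in case the code base must run on PHP versions older than 5.5.

```php
	public function persistTokens() {
		if ($this->isPersistingRequired()) {
			$lockObject = $this->acquireLock();
			try {
				$this->updateTokens();
				$this->backendUser->setAndSaveSessionData('formTokens', $this->tokens);
				$this->resetPersistingRequiredStatus();
			} catch (Exception $exception) {
				// Never leave the token lock held when persisting fails.
				$this->releaseLock($lockObject);
				throw $exception;
			}
			$this->releaseLock($lockObject);
		}
	}
```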