Actions
Bug #102567
open
Send 400 Bad Request in case of Extbase POST request with missing argument
Status:
New
Priority:
Should have
Assignee:
-
Category:
Extbase
Target version:
-
Start date:
2023-11-30
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
12
PHP Version:
8.2
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
Given the following setup:
- An Extbase action with a required argument
- That Extbase action only will be called via POST (this can not be enforced yet, see: https://decisions.typo3.org/t/align-extbase-more-with-symfony/)
- The action is called without that argument
Right now Extbase would throw an exception: https://github.com/TYPO3/typo3/blob/v12.4.8/typo3/sysext/extbase/Classes/Mvc/Controller/ActionController.php#L818
Proposal: Extbase should deliver a "400 Bad Request".
This can happen if stupid bots crawl a site. This might spam the logs with the Extbase exception.
This can be implemented without https://decisions.typo3.org/t/align-extbase-more-with-symfony/. That than can come on top in order to enforce Extbase to only call the action if the current request is a POST request. That again prevents flooding the logs by bad bots that might call the action via get request.
Updated by 
Updated by
Actions