Project

General

Profile

Actions
Copy link

Feature #22685

closed

Provide a CSRF protection framework for the BE and install tool

Added by Oliver Klee over 14 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Helmut Hummel
Category:
-
Target version:
-
Start date:
2010-05-19
Due date:
% Done:

0%

Estimated time:
PHP Version:
5.3
Tags:
Complexity:
Sprint Focus:

Description

This feature is about providing a general CSRF protection frameform for the BE and a proof-of-concept for the BE user setup module.

How to test:
1. change your name in the BE user setup, save and see that the value has changed (and there is the flash message telling you that)
2. change your name, save and use TamperData to modify the formToken POST value. The form data will not have changed, and there is no flash message.

I'll post the install tool form protection and POC in another RFC (when it is finished).
(issue imported from #M14438)

Files

Download all files
form-protection-v1.diff (35.4 KB) form-protection-v1.diff Administrator Admin, 2010-05-19 19:46
form-protection-v2.diff (37.9 KB) form-protection-v2.diff Administrator Admin, 2010-05-20 11:56
csrf-v3.diff (36.8 KB) csrf-v3.diff Administrator Admin, 2010-05-27 11:36
14438.diff (58.6 KB) 14438.diff Administrator Admin, 2010-08-23 20:17
14438-v5.diff (68.9 KB) 14438-v5.diff Administrator Admin, 2010-09-21 14:03
14438-v7.diff (67.8 KB) 14438-v7.diff Administrator Admin, 2010-09-24 20:44

Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Bug #24097: Introduce a form protection APIClosedErnesto Baschny2010-11-17

Actions
Actions
Copy link
 #2

Updated by Susanne Moog over 13 years ago

  • Target version deleted (4.5.0)
Actions
Copy link

Also available in: Atom PDF