Project

General

Profile

Actions

Bug #24697

closed

CSRF protection in frontend for ExtDirect is missing

Added by Stefan Galinski almost 14 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2011-01-21
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Problem:
Currently the CSRF protection for the frontend is missing as we are missing a frontend version of the formprotection class.

Current Solution:
The attached patch fixes this behaviour partly, but you would still require to set the page to no_cache, because the caching of the security token.

(issue imported from #M17183)


Files

17183_v1.diff (6.69 KB) 17183_v1.diff Administrator Admin, 2011-01-21 02:11
T3X_extdirecttest-1_0_0-z-201101210150.t3x (7.49 KB) T3X_extdirecttest-1_0_0-z-201101210150.t3x Administrator Admin, 2011-01-21 02:11

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #24671: Protect C(R)UD actions against CSRFClosedErnesto Baschny2011-01-20

Actions
Related to TYPO3 Core - Bug #24805: Login/ Logout was not possible after introducing the locking in #24790ClosedErnesto Baschny2011-01-25

Actions
Actions

Also available in: Atom PDF