Bug #24805

Login/Logout was not possible after introducing the locking in #24790

Added by Helmut Hummel over 10 years ago. Updated over 10 years ago.

Status: Closed
Priority: Must have
Category: -
Target version:
Start date: 2011-01-25
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.5
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Problem:
The backend formprotection relies on the possibility to store the tokens in the user session. This is not the case if a user has not yet logged in (the login screen). Since the login screen also uses the template object and the persistToken calls were moved to this place, we need to decide whether to validate and store tokens or not.

Solution:
Check if we have a valid BE_USER session and, if not, provide a dummy object which implements the same interface.

(issue imported from #M17305)
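
The dummy-object approach from the Solution above, as an added sketch that is not TYPO3 core code. All class, function and form names are hypothetical, and the dummy accepting every token is an assumption.

```php
<?php
declare(strict_types=1);
// Added illustration; every name below is hypothetical, not a TYPO3 core class.

interface FormProtection {
    public function generateToken(string $form, string $action = ''): string;
    public function validateToken(string $token, string $form, string $action = ''): bool;
    public function persistTokens(): void;
}

// Used when a backend user session exists: tokens are kept in that session.
final class SessionFormProtection implements FormProtection {
    private array $tokens;
    public function __construct(private ArrayObject $session) {
        $this->tokens = $session['formTokens'] ?? [];
    }
    public function generateToken(string $form, string $action = ''): string {
        return $this->tokens["$form/$action"] = bin2hex(random_bytes(16));
    }
    public function validateToken(string $token, string $form, string $action = ''): bool {
        $expected = $this->tokens["$form/$action"] ?? '';
        unset($this->tokens["$form/$action"]);            // one-time use
        return $expected !== '' && hash_equals($expected, $token);
    }
    public function persistTokens(): void {
        $this->session['formTokens'] = $this->tokens;
    }
}

// Used on the login screen: no session to store into, so nothing is stored.
// Assumption: the dummy accepts every token. That is only acceptable because
// the factory hands it out solely when no user is authenticated.
final class DisabledFormProtection implements FormProtection {
    public function generateToken(string $form, string $action = ''): string { return 'dummyToken'; }
    public function validateToken(string $token, string $form, string $action = ''): bool { return true; }
    public function persistTokens(): void {}
}

// $session is null when there is no valid backend user session (constructed stand-in).
function formProtectionFor(?ArrayObject $session): FormProtection {
    return $session !== null ? new SessionFormProtection($session) : new DisabledFormProtection();
}

// Constructed demo: the same calling code runs before and after login.
foreach (['login screen' => null, 'logged in' => new ArrayObject()] as $case => $session) {
    $fp = formProtectionFor($session);
    $token = $fp->generateToken('tceAction', 'delete');
    $fp->persistTokens();                                  // safe in both cases
    printf("%-12s %-22s own=%s forged=%s\n", $case, $fp::class,
        var_export($fp->validateToken($token, 'tceAction', 'delete'), true),
        var_export($fp->validateToken('forged', 'tceAction', 'delete'), true));
}
```

The selection in `formProtectionFor()` is the security-relevant line: if the dummy were ever returned for an authenticated request, every token check would pass.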


Related issues

Related to TYPO3 Core - Bug #24671: Protect C(R)UD actions against CSRF (Closed, Ernesto Baschny, 2011-01-20)
Related to TYPO3 Core - Bug #24697: CSRF protection in frontend for ExtDirect is missing (Closed, 2011-01-21)
Has duplicate TYPO3 Core - Bug #24833: Refreshing Login after automatic sessiontimeout not working (Closed, 2011-01-26)

#1

Updated by Ernesto Baschny over 10 years ago

This has been solved already in trunk, right?

Check if rev. 10302 is ok for you.

http://forge.typo3.org/repositories/revision/typo3v4-core/10302

#2

Updated by Olaf Reinhard over 10 years ago

Oh that feature was missing in 4.4.5 - My editors wouldn't have been able to destroy lots of content elements then.
Good Work

#3

Updated by Ernesto Baschny over 10 years ago

Committed to trunk, rev. 10306.
