Bug #24805

closed

Login/ Logout was not possible after introducing the locking in #24790

Added by Helmut Hummel about 13 years ago. Updated about 13 years ago.

Status: Closed
Priority: Must have
Category: -
Target version:
Start date: 2011-01-25
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.5
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Problem:
The backend formprotection relies on the possibility to store the tokens in the user session. This is not the case if a user has not yet logged in (the login screen). Since the login screen also uses the template object and the persistToken calls were moved to this place, we need to decide whether to validate and store tokens or not.

Solution:
Check if we have a valid BE_USER session and if not provide a dummy object, which implements the same interface.

(issue imported from #M17305)
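
The solution described above (use the session-backed token store only when a valid BE_USER session exists, otherwise hand out a dummy object with the same interface), as an added PHP example that is not TYPO3's own code. The interface, the class and function names and the `beUserId` session key are assumptions made for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not a TYPO3 core class.
interface FormProtection {
    public function generateToken(string $formName): string;
    public function validateToken(string $token, string $formName): bool;
    public function persistTokens(): void;
}

// Chosen when a backend user session exists: tokens are kept in that session.
final class SessionFormProtection implements FormProtection {
    private $session;
    private $tokens;
    public function __construct(array &$session) {
        $this->session = &$session;
        $this->tokens = $session['formTokens'] ?? [];
    }
    public function generateToken(string $formName): string {
        $token = bin2hex(random_bytes(16));
        $this->tokens[$token] = $formName;
        return $token;
    }
    public function validateToken(string $token, string $formName): bool {
        return isset($this->tokens[$token]) && $this->tokens[$token] === $formName;
    }
    public function persistTokens(): void {
        $this->session['formTokens'] = $this->tokens;
    }
}

// Dummy for the login screen: same interface, stores and validates nothing.
final class DisabledFormProtection implements FormProtection {
    public function generateToken(string $formName): string { return 'dummyToken'; }
    public function validateToken(string $token, string $formName): bool { return true; }
    public function persistTokens(): void {}
}

// The dummy must only be returned while nobody is authenticated; any request
// that carries a user session gets the validating implementation.
function formProtectionFor(?array &$session): FormProtection {
    if ($session !== null && !empty($session['beUserId'])) {
        return new SessionFormProtection($session);
    }
    return new DisabledFormProtection();
}

$anonymous = null;                                // constructed: login screen
formProtectionFor($anonymous)->persistTokens();   // no session write attempted
$session = ['beUserId' => 7];                     // constructed: logged-in user
$fp = formProtectionFor($session);
$token = $fp->generateToken('tceAction');
$fp->persistTokens();
var_dump(formProtectionFor($session)->validateToken($token, 'tceAction'));
var_dump(formProtectionFor($session)->validateToken('forged', 'tceAction'));
```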


Related issues 3 (0 open, 3 closed)

Related to TYPO3 Core - Bug #24671: Protect C(R)UD actions against CSRF (Closed, Ernesto Baschny, 2011-01-20)

Related to TYPO3 Core - Bug #24697: CSRF protection in frontend for ExtDirect is missing (Closed, 2011-01-21)

Has duplicate TYPO3 Core - Bug #24833: Refreshing Login after automatic sessiontimeout not working (Closed, 2011-01-26)

Actions #1

Updated by Ernesto Baschny about 13 years ago

This has been solved already in trunk, right?

Check if rev. 10302 is ok for you.

http://forge.typo3.org/repositories/revision/typo3v4-core/10302

Actions #2

Updated by Olaf Reinhard about 13 years ago

Oh that feature was missing in 4.4.5 - My editors wouldn't have been able to destroy lots of content elements then.
Good Work

Actions #3

Updated by Ernesto Baschny about 13 years ago

Committed to trunk, rev. 10306.
