Bug #24808

Unnecessary message about security token

Added by Georg Ringer about 10 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
-
Target version:
-
Start date:
2011-01-25
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

It seems there is something wrong with checking the tokens on pages which don't need to.

Follow this steps:
1) Call url: typo3/sysext/cms/layout/db_new_content_el.php
2) Delete cache in a different tab (clear all caches)
3) Reload tab #1 > get the message

(issue imported from #M17308)


Related issues

Related to TYPO3 Core - Bug #24671: Protect C(R)UD actions against CSRFClosedErnesto Baschny2011-01-20

Actions
Related to TYPO3 Core - Bug #24755: Re: issue #24715 - problem still exists in 4.5.0rc1Closed2011-01-23

Actions
Has duplicate TYPO3 Core - Bug #30272: Form protection: Do not save flash messages in session during an Ajax requestClosedHelmut Hummel2011-09-25

Actions
#1

Updated by Helmut Hummel about 10 years ago

What you see is a side effect of a previously timed out session in your tab where you cleared the cache (see #24755).

The error messages are stored in the session and displayed on the next page which render flash messages. Not too nice, but the only way we can see what happens and what the reason there was for the failure.

#2

Updated by Ernesto Baschny about 10 years ago

This is probably obsolete by now, I don't get this message. If the token was invalid from start (when clearing the cache) the flash message is displaying "somewhere", which is ugly but not so problematic.

So Georg, are you able to reproduce that? Your mentioned steps didn't work here. Maybe only on specific browsers?

#3

Updated by Helmut Hummel about 10 years ago

I want to keep that ticket to as a reminder to add a method to disable storage of the flash messages in the session witch should always be done when validating a token in a Ajax request.

#4

Updated by Helmut Hummel over 9 years ago

  • Status changed from Accepted to Closed
  • Target version deleted (0)

closed as duplicate

Also available in: Atom PDF