Bug #24922
closedProblem with CSRF Protection: Changing access permissions on a sys folder to include a user group
0%
Description
Changing access permissions on a sys folder to include a user group throws this error:
"Validating the security token of this form has failed. Please reload the form and submit it again."
Deleting caches and temp files has no effect.
This issue appeared after upgrading from 4.4.6 to 4.5.0.
(issue imported from #M17437)
Files
Updated by Ernesto Baschny almost 14 years ago
I could not reproduce that, Chris. I tried using the Web>Access module and then either the "User overview" page and also the "Permissions" page, and different methods of changing the group permission, and all of them worked.
Could you be more specific or maybe add a screenshot or two? Thanks!
Updated by Chris Bischoff almost 14 years ago
I've included a screenshot of the backend which illustrates the issue. It happens when I try to add a group to the access permission of the Direct Mail system folder. Could it be related to the Direct Mail extension? I don't know.
Thank you so much for your help.
Updated by Ernesto Baschny almost 14 years ago
This seems to come from some extension which enhances the default permission system of TYPO3 by allowing multiple groups per page. This is not standard core behaviour (where you can only assign one group to each page).
Could you please check if you have an extension that does this installed so that we could get in touch with the author to work on a compatible 4.5 variant for it? Thanks!
Updated by Chris Bischoff almost 14 years ago
I believe it would be "Backend ACL" (be_acl). They just released a new version (1.4.1), but the issue still exists.
Sorry that this is not actually a T3 Core issue. I really appreciate your help.
Updated by Ernesto Baschny almost 14 years ago
Since be_acl is well known and used a lot around, I'll get in touch with Sebastian (its author) to see if we can have the form protection feature integrated. Attached to this issue is something that "might work", which adds the security token to the pertinent FORM on the XCLASSed file. Try to apply that patch to the be_acl/res/class.ux_sc_mod_web_perm_index.php file.
Thanks for your feedback and I'll close this issue for now, as its not a core bug.
Updated by Gerrit Code Review almost 13 years ago
- Status changed from Closed to Under Review
Patch set 2 for branch TYPO3_4-5 has been pushed to the review server.
It is available at http://review.typo3.org/5383
Updated by Alexander Opitz over 11 years ago
- Status changed from Under Review to Closed
- Target version deleted (
0)
Opened by a gerrit code review, with false issue number. So closing this issue again.