Project

General

Profile

Actions
Copy link

Bug #24962

closed

After introducing the locking in #24790 no CSRF token will ever be deleted

Added by Helmut Hummel almost 14 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Helmut Hummel
Category:
-
Target version:
4.5.1
Start date:
2011-02-04
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Problem:
After introducing the locking in #24790, fetching the probably updated token array and merging this with the token array of the current request, all tokens that have been unset during this request are again added to the array (they are present in the fetched array of tokens).

Solution:
Keep track which tokens are added and deleted during the request and update the token array accordingly.

Note:
Since we now know if changes are made to the token array during one request, we could simply skip the locking and persisting, which saves quite some time for modules that do not create or validate tokens (which most modules do not do).

(issue imported from #M17490)

Files

17490.diff (3.49 KB) 17490.diff Administrator Admin, 2011-02-04 21:08

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #24790: Form protection tokens get lost because of a race condition when persisting tokensClosedErnesto Baschny2011-01-25

Actions
Related to TYPO3 Core - Bug #24671: Protect C(R)UD actions against CSRFClosedErnesto Baschny2011-01-20

Actions
Actions
Copy link

Also available in: Atom PDF