Story #26376: TER
Mark versions insecure
| Priority: | Must have | Due date: | |
| Assigned To: | Tolleiv Nietsch | % Done: | |
It is possible to mark a version of an extension as insecure. Unfortunately the checkbox is not saved after hitting the button "Update".
I remember this is caused by an extbase bug. But we need to fix that before launch.
#1 Updated by Georg Ringer about 3 years ago
Please also give the security team some days' time to test those things properly before going live, thanks!
#3 Updated by Helmut Hummel about 3 years ago
The current implementation seems buggy. Kai fixed some things on the T3BORD but I don't know if that went into the SVN.
Additionally, I wonder why extensions marked as insecure in the current TER are still visible on preview:
We marked this extension insecure in February (see http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-003/) and the latest extension import seems to be from today, but t3extplorer is visible on preview.
#4 Updated by HDNET about 3 years ago
- Status changed from New to Under Review
- Assigned To changed from HDNET to Tolleiv Nietsch
We added Review->update to the FlexForm switchableControllerActions in Revision 59862 to the terfe Branch ter_fe2. (http://forge.typo3.org/projects/extension-terfe/repository/revisions/59862)
In addition, there need to be some RealURL changes. We have informed Tolleiv about this. After updating, the Plugin must be saved with the new FlexForm settings.
#5 Updated by Christian Zenker about 3 years ago
Pushed changes to show the form only to TER admins in r2269.
Make sure to put the TER guys in the correct group "TER Admin" later on.
#7 Updated by Tolleiv Nietsch about 3 years ago
- Status changed from Under Review to Resolved
I assume this works fine now.
#8 Updated by Helmut Hummel about 3 years ago
In fact it did not work until now. There still were problems with the TS configuration which I fixed in the SVN and on the live page now.
Besides that, it could not work because the login is forbidden on the TER FE pages, thus the review part never was shown.
Because of that I put the plugin on a protected page and enabled the login for that page.
Now it works, but is a bit inconvenient as realurl seems only to be configured for the original branch and the search somehow does not work.
We now have to figure out the correct parameters to show the extension we want.
To sum it up, the original problem is solved, but I will open follow-up tickets to get the final things working.