Bug #41524

csrfToken not added to action links having action method name with more than 1 word

Added by Pankaj Lele about 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Should have
Category:
Security
Target version:
-
Start date:
2012-10-02
Due date:
% Done:

0%

Estimated time:
PHP Version:
5.3
Has patch:
No
Complexity:

Description

In short: csrfToken is not added to links who's target action is "someOtherAction" but only works for action names like "someAction"

After digging a little bit in code I found that UriBuilder->uriFor() makes the @action argument forcefully lowercase and hence $this->reflectionService->hasMethod($className, $actionName) in the CsrfProtectionAspect returns false.


Related issues

Is duplicate of TYPO3.Flow - Bug #42083: CSRF token is not appended for actions with mixed case charactersResolvedBastian Waidelich2012-10-17

Actions

Also available in: Atom PDF