Bug #42083

CSRF token is not appended for actions with mixed case characters

Added by Bastian Waidelich almost 9 years ago. Updated almost 9 years ago.

Status:
Resolved
Priority:
Must have
Category:
Security
Start date:
2012-10-17
Due date:
% Done:

100%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

Since the update (I don't know what exactly broke this), the CrsfProtectionAspect no longer appends the CSRF token when the target action contains uppercase characters (e.g. someSpecialAction).

The reason is, that in the aspect the action method name is retrieved all lowercase thus ReflectionService::hasMethod($className, $actionMethodName) returns FALSE if $actionMethodName is not correctly cased.


Related issues

Has duplicate TYPO3.Flow - Bug #41524: csrfToken not added to action links having action method name with more than 1 wordClosedBastian Waidelich2012-10-02

Actions
#1

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/15765

#2

Updated by Pankaj Lele almost 9 years ago

You may also relate this bug to earlier reported similar bug #41524 Thanks

#3

Updated by Bastian Waidelich almost 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF