Bug #42083

CSRF token is not appended for actions with mixed case characters

Added by Bastian Waidelich over 8 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Must have
Category:
Security
Start date:
2012-10-17
Due date:
% Done:

100%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

Since the update (I don't know what exactly broke this), the CrsfProtectionAspect no longer appends the CSRF token when the target action contains uppercase characters (e.g. someSpecialAction).

The reason is, that in the aspect the action method name is retrieved all lowercase thus ReflectionService::hasMethod($className, $actionMethodName) returns FALSE if $actionMethodName is not correctly cased.


Related issues

Has duplicate TYPO3.Flow - Bug #41524: csrfToken not added to action links having action method name with more than 1 wordClosedBastian Waidelich2012-10-02

Actions

Also available in: Atom PDF