Epic #55066

Epic #55070: Workpackages

WP: Security enhancements

Added by Ingo Schmitt over 7 years ago. Updated over 4 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2013-03-19
Due date:
% Done: 100%
Estimated time: (Total: 51.50 h)
Sprint Focus:

Description

TYPO3 has a pretty good track record in being a secure web application. That is the case not only because security-related issues are handled in a profound and transparent way but also because the TYPO3 team constantly strives to implement protection for newly discovered attack vectors that might be relevant for some (enterprise level) users.
For TYPO3 CMS 6.2 the team strives to improve some and add some security mechanisms of the TYPO3 Backend. In particular, enhance the already present Cross-Site Request Forgery (CSRF) protection and add protection against common Click-Jacking Attacks.


Subtasks

Bug #54201: Implement Clickjacking Protection | Closed | - | 2013-12-04
Bug #46434: XSS in content element wizard | Closed | - | 2013-03-19
Story #55509: Add CSRF Protection to mod.php | Closed | Helmut Hummel | 2014-02-26
Task #56359: Fix module access regressions | Closed | - | 2014-02-26
Task #56453: Improve usability with multiple tabs open | Closed | - | 2014-02-28
Task #55515: Add CSRF Protection for tce_file.php | Closed | Alexander Schnitzler | 2014-01-31
Story #55516: Reduce the number of backend script entry points | Closed | Anja Leichsenring | 2014-02-04
Task #55668: cms/layout entry scripts cleanup | Closed | Nicole Cordes | 2014-02-04
Task #55669: form sysext entry script cleanup | Closed | Anja Leichsenring | 2014-02-04
Task #55670: func entry script cleanup | Closed | Anja Leichsenring | 2014-02-04
Task #55671: impexp entry script cleanup | Closed | Anja Leichsenring | 2014-02-04
Task #55672: info entry script cleanup | Closed | Anja Leichsenring | 2014-02-08
Task #55796: Adjust indexed seach submodules of web_info to mod dispatcher | Closed | Anja Leichsenring | 2014-02-08
Task #55797: Use mod dispatch on indexed search submodules for web_info | Closed | Anja Leichsenring | 2014-02-08
Task #55673: openid entry script cleanup | Rejected | Anja Leichsenring | 2014-02-04
Task #55674: rtehtmlarea entry scripts cleanup | Closed | Nicole Cordes | 2014-02-04
Task #55675: version entry script cleanup | Closed | Nicole Cordes | 2014-02-04
Task #55676: t3editor wizard inclusion cleanup | Closed | Anja Leichsenring | 2014-02-04
Task #55809: Compat layer for submodules using index.php | Closed | Anja Leichsenring | 2014-03-07
Task #56631: Remove Compat layer for info and function submodules | Closed | - | 2014-03-07
Task #56246: BackenUtility::getModuleUrl should respect old modules (not mod.php style) | Rejected | - | 2014-02-24
Task #56247: Remove all conf.php files and use the BackendUtility::addModule API to add the configuration | Rejected | - | 2014-02-24
Task #56268: Add new way to register a TCA wizard | Closed | - | 2014-02-25
Task #56364: Redirect after switch-to-user broken | Closed | Helmut Hummel | 2014-02-27
Task #56272: Use the new way of registering wizards for edit wizard | Closed | - | 2014-02-25
Task #56632: Make show_rechis.php mod.php dispatched | Closed | Nicole Cordes | 2014-03-07
Task #56721: ElementBrowser::getThisScript is not public | Closed | - | 2014-03-10
Story #56052: Implement CSRF Protection for ajax.php | Closed | - | 2014-02-26
Task #56345: Add API to CSRF protect Ajax calls in Backend | Closed | - | 2014-02-26
Task #56356: Protect core Ajax calls against CSRF | Closed | - | 2014-02-26
Task #56404: Make sure M parameter is first in URL | Closed | - | 2014-02-27
Task #57096: Cleanup Ajax URL JS settings | Closed | - | 2014-03-20
Task #57196: Protect Ajax calls of core extensions | Closed | - | 2014-03-23
Bug #56403: Fix GET parameter order in unit tests | Closed | - | 2014-02-27
Story #56431: Use new wizard registration and remove wizard entry points | Closed | Alexander Schnitzler | 2014-02-28
Task #56432: Adjust typo3/wizard_add.php | Closed | Alexander Schnitzler | 2014-02-28
Task #56433: Adjust typo3/wizard_edit.php | Closed | Alexander Schnitzler | 2014-02-28
Task #56434: Adjust typo3/wizard_list.php | Closed | Alexander Schnitzler | 2014-02-28
Task #56435: Adjust typo3/wizard_table.php | Closed | Alexander Schnitzler | 2014-02-28
Task #56436: Adjust typo3/wizard_colorpicker.php | Closed | Alexander Schnitzler | 2014-02-28
Task #56437: Adjust typo3/wizard_rte.php | Closed | Alexander Schnitzler | 2014-02-28
Task #56438: Adjust typo3/wizard_forms.php | Closed | Alexander Schnitzler | 2014-02-28
Task #56454: Remove old wizard scripts | Closed | - | 2014-02-28
Task #56470: Make typo3/browse_links.php and rtehtmlarea/mod3/browse_links mod.php dispatched | Closed | - | 2014-03-02
Task #56471: Make wizard_backend_layout.php mod.php dispatched | Closed | - | 2014-03-02
Task #56622: Regression: The requested URL /typo3/' T3_THIS_LOCATION ' was not found on this server. | Closed | - | 2014-03-06
Task #56611: new reference error with non-admin user | Closed | - | 2014-03-06
Task #56625: Remove old backend_layout wizard | Closed | - | 2014-03-06
Bug #56633: Add Formprotection Class for FE usage (API for ext developers) | Closed | Helmut Hummel | 2014-03-07
Bug #56743: Make file_edit.php dispatched | Closed | - | 2014-09-09
Bug #61477: Create upgrade wizard for "old" shortcut links of file_edit.php | Closed | Wouter Wolters | 2014-09-09
Task #61215: Make file_newfolder.php dispatched | Closed | Wouter Wolters | 2014-08-26
Task #61216: Make file_rename.php dispatched | Closed | Wouter Wolters | 2014-08-26
Task #61217: Make file_upload.php dispatched | Closed | Wouter Wolters | 2014-08-26
Task #64691: Make move_el.php dispatched | Closed | - | 2015-01-31
Task #64692: Make tce_file.php dispatched | Closed | - | 2015-01-31
Bug #64695: Make tce_db.php dispatched | Closed | - | 2015-01-31
Task #64774: Make login_frameset.php dispatched | Closed | - | 2015-02-02

#1

Updated by Ingo Schmitt over 7 years ago

  • Tracker changed from Bug to Epic
  • Subject changed from Security enhancements to WP: Security enhancements
  • Estimated time set to 160.00 h
  • Parent task set to #55070
#2

Updated by Mathias Schreiber almost 6 years ago

  • Target version deleted (6.2.0)
#3

Updated by Riccardo De Contardi over 4 years ago

  • Status changed from New to Closed
  • Assignee deleted (Helmut Hummel)

I close this one as all subtasks are solved.

If you think that there is still something to do, please reopen it. Thank you.
