Project

General

Profile

Actions

Story #55509

closed

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Add CSRF Protection to mod.php

Added by Helmut Hummel almost 11 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
-
Target version:
Start date:
2014-02-26
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
TYPO3 Version:
6.2
PHP Version:
Tags:
Sprint Focus:

Description

The mod.php dispatcher should check for a correct CSRF token.

  • It should be possible to disable CSRF protection in conf.php or Extbase addModule API t not break third party modules (needs to be ckecked if needed) take #55516 into account ( especially backwards compat for wizards)
  • BackendUtility::getModuleUrl() must add a token (based on module name)
  • Module menu must use BackendUtility::getModuleUrl()
  • All occurrences of hardcoded mod.php URLs must be changed to use BackendUtility::getModuleUrl() (at least one place in JS)

Subtasks 2 (0 open2 closed)

Task #56359: Fix module access regressionsClosed2014-02-26

Actions
Task #56453: Improve usability with multiple tabs openClosed2014-02-28

Actions

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #58138: CSRF with registerModule and navFrameScriptClosedHelmut Hummel2014-04-23

Actions
Related to TYPO3 Core - Bug #62569: Function menu broken for old modulesClosed2014-10-30

Actions
Actions

Also available in: Atom PDF