Task #55515

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Add CSRF Protection for tce_file.php

Added by Helmut Hummel about 7 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Must have
Category:
-
Target version:
Start date:
2014-01-31
Due date:
% Done:

100%

Estimated time:
32.00 h
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

tce_file.php works as API/ entry point for file operations and must be CSRF protected (like tce_db.php)

  • Add token check in tce_file.php
  • Search all places where tce_file.php is used and add the token
    • Especially all JS (d&d fileupload) needs to get the token (d&d upload is handled by ajax.php and needs special handling. This will be targeted in another change)

Related issues

Blocked by TYPO3 Core - Bug #56084: t3editor is not usable any moreClosedFrans Saris2014-02-18

Actions
#1

Updated by Alexander Schnitzler about 7 years ago

  • Assignee set to Alexander Schnitzler
#2

Updated by Gerrit Code Review about 7 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27691

#3

Updated by Alexander Schnitzler about 7 years ago

  • % Done changed from 0 to 30
#4

Updated by Gerrit Code Review about 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27691

#5

Updated by Gerrit Code Review about 7 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27691

#6

Updated by Anonymous about 7 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 30 to 100
#7

Updated by Riccardo De Contardi over 3 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF