Task #55515: Add CSRF Protection for tce_file.php - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Task #55515

closed

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Add CSRF Protection for tce_file.php

Added by Helmut Hummel about 10 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Must have

Assignee:

Alexander Schnitzler

Category:

Target version:

6.2.0

Start date:

2014-01-31

Due date:

% Done:

100%

Estimated time:

32.00 h

TYPO3 Version:

6.2

PHP Version:

Tags:

Complexity:

Sprint Focus:

Description

tce_file.php works as API/ entry point for file operations and must be CSRF protected (like tce_db.php)

Add token check in tce_file.php
Search all places where tce_file.php is used and add the token
- Especially all JS (d&d fileupload) needs to get the token (d&d upload is handled by ajax.php and needs special handling. This will be targeted in another change)

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Task #55515

Add CSRF Protection for tce_file.php

Updated by Alexander Schnitzler about 10 years ago

Updated by Gerrit Code Review about 10 years ago

Updated by Alexander Schnitzler about 10 years ago

Updated by Gerrit Code Review about 10 years ago

Updated by Gerrit Code Review about 10 years ago

Updated by Anonymous about 10 years ago

Updated by Riccardo De Contardi over 6 years ago