Task #56268
closed
Epic #55070: Workpackages
Epic #55066: WP: Security enhancements
Story #55516: Reduce the number of backend script entry points
Add new way to register a TCA wizard
100%
Description
Wizards used to be registered by defining a script path
to an entry script for a wizard. Since we now aim to reduce
the entry scripts, wizards should be called through
mod.php and be registered accordingly.
However with the additional requirement of adding
CSRF protection for all mod.php calls, we cannot hard code
the script URLs for wizards any more. Instead BackendUtility::getModuleUrl
should be used, which adds the CSRF protection token.
Since this token is session dependend and TCA might be cached,
we need a new way to register a wizard by just specifying
the module name in TCA.
The FormRenderer should then take care to call BackendUtility::getModuleUrl
Updated by Gerrit Code Review over 10 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27841
Updated by Gerrit Code Review over 10 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27841
Updated by Gerrit Code Review over 10 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27841
Updated by Helmut Hummel over 10 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset d956775f3162ad158c9d43bf5e215c70264f4714.
Updated by