Task #56345
closedEpic #55070: Workpackages
Epic #55066: WP: Security enhancements
Story #56052: Implement CSRF Protection for ajax.php
Add API to CSRF protect Ajax calls in Backend
100%
Description
This change adds API to register Ajax ids with their handler
and to get an Ajax URL for a specific AjaxID
A token check is added to the ajax.php dispatcher
script. To stay backwards compatible, the token
is only checked, if the AjaxId is registered not
using the new API.
The new API will be used by TYPO3 core in
consecutive changes.
Updated by Gerrit Code Review almost 11 years ago
- Status changed from New to Under Review
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873
Updated by Gerrit Code Review almost 11 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873
Updated by Gerrit Code Review almost 11 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873
Updated by Gerrit Code Review almost 11 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873
Updated by Gerrit Code Review almost 11 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873
Updated by Gerrit Code Review almost 11 years ago
Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873
Updated by Helmut Hummel almost 11 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 2aa83d3965d322bcabc74cd2ac30b1a1de47b1ec.