Bug #59963
closed
Invalid moduleToken in returnUrl of the shortcutMenu
100%
Description
At the moment the moduleToken of the returnUrl in the shortcutMenu is stored statically in the database in the field url of sys_be_shortcuts.
If the user sets a shortcut for a record (for example be_users) the moduleToken of the returnUrl for this shortcut becomes invalid after he has logged out or if he uses another browser.
The consequence: If he uses the shortcut link and then saves and close or exit the record the invalide module token exception is thrown, see also the attached screenshots.
So also the module token of the returnUrl has to be generated dynamically for each backend session and must not be taken statically from the database. A first working approach could be to do this in the getTokenUrl($url) function of
sysext\backend\Classes\Toolbar\ShortcutToolbarItem.php
where already the module token for the shortcut link is generated. The following code works for me at the moment:
protected function getTokenUrl($url) {
$parsedUrl = parse_url($url);
parse_str($parsedUrl['query'], $parameters);
// parse the returnUrl and replace the module token of it
if (isset($parameters['returnUrl'])){
$parsedReturnUrl = parse_url($parameters['returnUrl']);
parse_str($parsedReturnUrl['query'], $returnUrlParameters);
if (strpos($parsedReturnUrl['path'], 'mod.php') !== FALSE && isset($returnUrlParameters['M'])) {
$module = $returnUrlParameters['M'];
unset($returnUrlParameters['M']);
unset($returnUrlParameters['moduleToken']);
$returnUrl = BackendUtility::getModuleUrl($module, $returnUrlParameters);
$parameters['returnUrl'] = $returnUrl;
$url = $parsedUrl['path']. '?'.http_build_query($parameters);
}
}
if (strpos($parsedUrl['path'], 'mod.php') !== FALSE && isset($parameters['M'])) {
$module = $parameters['M'];
unset($parameters['M']);
$url = str_replace('mod.php', '', $parsedUrl['path']) . BackendUtility::getModuleUrl($module, $parameters);
}
return $url;
}
Files
Updated by 
Updated by 
Updated by 
Updated by 
