Project

General

Profile

Actions
Copy link

Bug #68232

closed

Disallow unauthorized module access

Added by Helmut Hummel over 9 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Benni Mack
Category:
System/Bootstrap/Configuration
Target version:
-
Start date:
2015-07-16
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Changing the module dispatcher url from mod.php to index.php introduced a potential security leak,
as some modules could be called even with no user authenticated.

Fix and harden the checks in the module dispatcher to avoid that.

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Task #68183: Move Backend Module calls to index.phpClosedWouter Wolters2015-07-15

Actions
Actions
Copy link
 #1

Updated by Gerrit Code Review over 9 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/41477

Actions
Copy link
 #2

Updated by Helmut Hummel over 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by Gerrit Code Review over 9 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/41489

Actions
Copy link
 #4

Updated by Gerrit Code Review over 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/41489

Actions
Copy link
 #5

Updated by Nicole Cordes over 9 years ago

  • Status changed from Under Review to Resolved
Actions
Copy link
 #6

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF