Project

General

Profile

Actions

Bug #68232

closed

Disallow unauthorized module access

Added by Helmut Hummel almost 9 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
System/Bootstrap/Configuration
Target version:
-
Start date:
2015-07-16
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Changing the module dispatcher url from mod.php to index.php introduced a potential security leak,
as some modules could be called even with no user authenticated.

Fix and harden the checks in the module dispatcher to avoid that.


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Task #68183: Move Backend Module calls to index.phpClosedWouter Wolters2015-07-15

Actions
Actions #1

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/41477

Actions #2

Updated by Helmut Hummel almost 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #3

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/41489

Actions #4

Updated by Gerrit Code Review almost 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/41489

Actions #5

Updated by Nicole Cordes almost 9 years ago

  • Status changed from Under Review to Resolved
Actions #6

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF