Project

General

Profile

Actions

Bug #68728

closed

cHash check in AbstractPlugin is wrong

Added by Andreas Allacher over 9 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Site Handling, Site Sets & Routing
Target version:
-
Start date:
2015-08-04
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Currently AbstractPlugin does the following cHash check:

$this->piVars = GeneralUtility::_GPmerged($this->prefixId);
if ($this->pi_checkCHash && count($this->piVars)) {
    $GLOBALS['TSFE']->reqCHash();
}

Which is wrong for the following reason:

1.) It ignores cHash exclude parameters and various other cHash settings
2.) It checks for POST & GET variables. However, usually cHash only consists of GET variables.
Of course, that might be why one wants to check for cHash values. However, in the case of wrong POST variables I think it should only disable the caching instead of resulting in pageNotFound error.
And providing the correct cHash for POST variables is nearly impossible. Actually if a form is sent via GET variables it would also be an issue which is why this is usually handled by manually disabling caching in the plugin itself.

In that regard:
Is that check even necessary as the cHash should already be verified by the TypoScriptFrontendController? Of course, it wouldn't check for POST variables.

Actions

Also available in: Atom PDF