Project

General

Profile

Actions
Copy link

Bug #69021

closed

Pagetree context menu show preview button returns Invalid CSRF Token

Added by Marc Bauer over 9 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Oliver Hader
Category:
Workspaces
Target version:
7 LTS
Start date:
2015-08-13
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
5.6
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

If you klick at the Pagetree context menu to the button "show preview", a new window is opening and the error message: "The CSRF protection token for the requested module is missing or invalid" is returning.

The error is only if you are in a draft area in workspaces.
In live area there is no error message.

Related issues 5 (0 open5 closed)

Related to TYPO3 Core - Bug #69296: Error when adding first new page after fresh installClosed2015-08-24

Actions
Related to TYPO3 Core - Bug #67001: Workspace Pagepreview doesn't work, if the livepage is set to hidden=1Closed2015-05-17

Actions
Related to TYPO3 Core - Bug #39339: Page preview is broken in draft workspace with 4.7.2Closed2012-07-27

Actions
Has duplicate TYPO3 Core - Bug #68859: [Workspace] Broken Preview link on Page tree listClosedJan Runte2015-08-08

Actions
Follows TYPO3 Core - Bug #66706: Context Menu View page icon has too many jsQuoteClosedNicole Cordes2015-05-01

Actions
Actions
Copy link
 #1

Updated by Marc Bauer over 9 years ago

I have found the error in typo3/sysext/backend/Classes/Tree/Pagetree/ExtdirectTreeCommands.php

        /**
     * Returns the view link of a given node
     *
     * @param stdClass $nodeData
     * @return string
     */
    static public function getViewLink($nodeData) {
        /** @var $node \TYPO3\CMS\Backend\Tree\Pagetree\PagetreeNode */
        $node = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Tree\Pagetree\PagetreeNode::class, (array)$nodeData);
        $javascriptLink = stripslashes(BackendUtility::viewOnClick($node->getId()));
        preg_match('/window\\.open\\(\'([^\']+)\'/i', str_replace('u0026','&',$javascriptLink), $match);
        return $match[1];
    }

The error is that the & in URL will be replaced by \u0026 but the pregmatch will be kill that and the url is only a long string :(

Actions
Copy link
 #2

Updated by Oliver Hader about 9 years ago

  • Status changed from New to Accepted
  • Target version set to 7 LTS
Actions
Copy link
 #3

Updated by Oliver Hader about 9 years ago

  • Status changed from Accepted to In Progress
  • Assignee set to Oliver Hader
Actions
Copy link
 #4

Updated by Oliver Hader about 9 years ago

Basically the origin of this is in #66706 and the previous changed in that regard...
Encoding JavaScript data and then removing only slashes to circumvent double encodings is unfortunately not enough as it has been done in the mentioned change.

Actions
Copy link
 #5

Updated by Gerrit Code Review about 9 years ago

  • Status changed from In Progress to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/44297

Actions
Copy link
 #6

Updated by Oliver Hader about 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #7

Updated by Riccardo De Contardi about 7 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF