Bug #79144
closed
No value found for key "TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper->securedHiddenFieldsRendered", thus the key cannot be removed.
0%
Description
Overwriting the functions renderHiddenReferrerFields, renderHiddenSecuredReferrerField, renderTrustedPropertiesField and renderRequestHashField of the \TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper with empty functions doesn't work anymore since version 7.6.15. Instead TYPO3 throws the exception:
#1243352249: No value found for key "TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper->securedHiddenFieldsRendered", thus the key cannot be removed. (More information)
TYPO3\CMS\Fluid\Core\ViewHelper\Exception\InvalidVariableException thrown in file
/Users/tosh/Sites/sl-neu/vendor/typo3/cms/typo3/sysext/fluid/Classes/Core/ViewHelper/ViewHelperVariableContainer.php in line 113.
Updated by Claus Due over 7 years ago
Overwriting these functions will destroy HMAC generation which is a severe security issue. I strongly recommend you never override these methods - and if you do, make absolutely sure that you call the parent methods! I cannot stress this enough: do NOT intentionally disable these security features!
Updated by Riccardo De Contardi almost 7 years ago
- Status changed from New to Closed
I close this issue for now; the issue arises only when overriding or extending the Form ViewHelpers incorrectly. Moreover, that incorrect usage of the API will lead to severe security issues (!).
If you think that this is the wrong decision or there is still work to be done, please reopen it or open a new issue with a reference to this one and a better explanation of your usecase
Thank you.