Bug #79999
closed
IRRE parent config in Ajax calls is broken
100%
Description
The code to transfer the inline parent context to form engine
in Ajax requests exists but is currently non functional in some
situations.
The config is stored as array, which is hashed by serializing the array,
and building the hash on that string. However that string is not transferred
over the wire, but the json encoded array.
If a float value was present at some place in this array, json_encode and json_decode
will add a slight offset to these numbers than if the value is serialized.
$a = [ 'value' => 1 / 3 ] var_dump(serialize($a) === serialize(json_decode(json_encode($a), true)));
This construct is never true, but is exactly how the current hmac validation works.
Instead, we must use json_encode the array and create the hash against that value, so that these floating point numbers will match.
Updated by Helmut Hummel over 7 years ago
- Project changed from 1716 to TYPO3 Core
- Subject changed from 3 to IRRE parent config in Ajax calls is broken
- Description updated (diff)
- Status changed from Closed to Accepted
- Target version set to 8 LTS
- Is Regression set to No
- Sprint Focus set to Stabilization Sprint
Updated by Gerrit Code Review over 7 years ago
- Status changed from Accepted to Under Review
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51783
Updated by Helmut Hummel over 7 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 4f3bdadd0269b27f20b4fca224156d8584d6ecfd.
Updated by Riccardo De Contardi about 7 years ago
- Status changed from Resolved to Closed