Project

General

Profile

Actions
Copy link

Bug #85404

closed

Missing button to lock install tool

Added by Nicole Cordes over 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Install Tool
Target version:
-
Start date:
2018-06-27
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
7.2
Tags:
system design, security
Complexity:
Is Regression:
Sprint Focus:

Description

With the rewrite of the install tool a way to lock the install tool again seems to be missing. Neither in the standalone part nor in the backend I'm able to lock the install tool again.

Scenario:

- login to the backend as admin user
- open one install tool module
- logout

Expected:

- the install tool is not accessible anymore

Actual:

- the install tool is still available within the browser session without any change to lock it

Files

2018-09-09_184519.png (65.7 KB) 2018-09-09_184519.png Nicole Cordes, 2018-09-09 18:58

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #86249: Install Tool remains accessible, if admin user logs out of TYPO3 BEClosed2018-09-14

Actions
Actions
Copy link
 #1

Updated by Nicole Cordes over 6 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Guido Schmechel over 6 years ago

Hi Nicole, is this really a problem for you? The install tool is only available for your browser session.

Actions
Copy link
 #3

Updated by Riccardo De Contardi about 6 years ago

In fact, the issue is still present in TYPO3 9.5.0-dev (latest master);

It seems a security breach, I guess that this is Nicole's opinion

Actions
Copy link
 #5

Updated by Riccardo De Contardi about 6 years ago

  • Related to Bug #86249: Install Tool remains accessible, if admin user logs out of TYPO3 BE added
Actions
Copy link
 #6

Updated by Riccardo De Contardi about 6 years ago

  • PHP Version set to 7.2
  • Tags set to system design, security
Actions
Copy link
 #7

Updated by Gerrit Code Review about 6 years ago

  • Status changed from New to Under Review

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58297

Actions
Copy link
 #8

Updated by Gerrit Code Review about 6 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58297

Actions
Copy link
 #9

Updated by Gerrit Code Review about 6 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58297

Actions
Copy link
 #10

Updated by Gerrit Code Review about 6 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58297

Actions
Copy link
 #11

Updated by Christian Kuhn about 6 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #12

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF