Bug #85404

Missing button to lock install tool

Added by Nicole Cordes over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Install Tool
Target version:
-
Start date:
2018-06-27
Due date:
% Done:

100%

TYPO3 Version:
9
PHP Version:
7.2
Tags:
system design, security
Complexity:
Is Regression:
Sprint Focus:

Description

With the rewrite of the install tool a way to lock the install tool again seems to be missing. Neither in the standalone part nor in the backend I'm able to lock the install tool again.

Scenario:

- login to the backend as admin user
- open one install tool module
- logout

Expected:

- the install tool is not accessible anymore

Actual:

- the install tool is still available within the browser session without any change to lock it

2018-09-09_184519.png View (65.7 KB) Nicole Cordes, 2018-09-09 18:58


Related issues

Related to TYPO3 Core - Bug #86249: Install Tool remains accessible, if admin user logs out of TYPO3 BE Closed 2018-09-14

Associated revisions

Revision 2b2ab785 (diff)
Added by Christian Kuhn about 1 year ago

[TASK] Destroy install tool session on backend user logout

If a system maintainer used the install tool from within the
backend, the session is now destroyed on logout explicitely.

Resolves: #86249
Resolves: #85404
Releases: master
Change-Id: I6bf4f2a724ec85b60854e8f92c00a10e7614f140
Reviewed-on: https://review.typo3.org/58297
Reviewed-by: Benni Mack <>
Tested-by: Benni Mack <>
Reviewed-by: Andreas Fernandez <>
Tested-by: TYPO3com <>
Tested-by: Andreas Fernandez <>

History

#1 Updated by Nicole Cordes over 1 year ago

  • Description updated (diff)

#2 Updated by Guido Schmechel over 1 year ago

Hi Nicole, is this really a problem for you? The install tool is only available for your browser session.

#3 Updated by Riccardo De Contardi about 1 year ago

In fact, the issue is still present in TYPO3 9.5.0-dev (latest master);

It seems a security breach, I guess that this is Nicole's opinion

#5 Updated by Riccardo De Contardi about 1 year ago

  • Related to Bug #86249: Install Tool remains accessible, if admin user logs out of TYPO3 BE added

#6 Updated by Riccardo De Contardi about 1 year ago

  • PHP Version set to 7.2
  • Tags set to system design, security

#7 Updated by Gerrit Code Review about 1 year ago

  • Status changed from New to Under Review

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58297

#8 Updated by Gerrit Code Review about 1 year ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58297

#9 Updated by Gerrit Code Review about 1 year ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58297

#10 Updated by Gerrit Code Review about 1 year ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58297

#11 Updated by Christian Kuhn about 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#12 Updated by Benni Mack about 1 year ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF