Bug #93435
open
Honeypot validation fails if no session data exists
0%
Description
At the moment the honeypot protection does not do anything if no session data exists .
The honeypot validation must fail if no session data exists.
Updated by Gerrit Code Review almost 4 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review almost 4 years ago
Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67643
Updated by Gerrit Code Review almost 4 years ago
Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67644
Updated by Gerrit Code Review almost 4 years ago
Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67645
Updated by Ralf Zimmermann almost 4 years ago
Note that this patch can not be tested for TYPO3 v11 until this #93421 (https://review.typo3.org/c/Packages/TYPO3.CMS/+/67637) is fixed.
Without https://review.typo3.org/c/Packages/TYPO3.CMS/+/67637 the honeypot feature does not work in any way in TYPO3 v11.
Updated by Gerrit Code Review almost 4 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review almost 4 years ago
Patch set 2 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67643
Updated by Gerrit Code Review almost 4 years ago
Patch set 2 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67644
Updated by Gerrit Code Review almost 4 years ago
Patch set 2 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67645
Updated by Gerrit Code Review almost 4 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review almost 4 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review almost 4 years ago
Patch set 3 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67644
Updated by Gerrit Code Review almost 4 years ago
Patch set 3 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67643
Updated by Gerrit Code Review almost 4 years ago
Patch set 4 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67643
Updated by Gerrit Code Review almost 4 years ago
Patch set 4 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67644
Updated by Gerrit Code Review almost 4 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review almost 4 years ago
Patch set 5 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67644
Updated by Gerrit Code Review almost 4 years ago
Patch set 5 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67643
Updated by Gerrit Code Review almost 4 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review almost 4 years ago
Patch set 6 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67644
Updated by Gerrit Code Review almost 4 years ago
Patch set 6 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67643
Updated by Gerrit Code Review almost 4 years ago
Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 7 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67643
Updated by Gerrit Code Review over 3 years ago
Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 12 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 13 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Björn Jacob over 3 years ago
- Related to Task #93212: Update honeypot using a customized identifier added
Updated by Björn Jacob over 3 years ago
- Related to Task #93217: Add placeholder attribute to honeypot added
Updated by Gerrit Code Review over 3 years ago
Patch set 14 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 15 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 16 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 17 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 18 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 19 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 20 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 21 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 22 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 8 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67643
Updated by Gerrit Code Review over 3 years ago
Patch set 23 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 24 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 9 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67643
Updated by Gerrit Code Review over 3 years ago
Patch set 25 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 10 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67643
Updated by Gerrit Code Review over 3 years ago
Patch set 26 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 27 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 28 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 29 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 30 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 31 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 32 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 3 years ago
Patch set 33 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Tim Spiekerkötter about 3 years ago
Hi Ralf, hi everyone else,
this looks promising. I was just about to open a new issue but I think this is what I found right now.
If I get this right, then currently the honeypot does not work at all, after the page was rendered once, right? I tried a fresh TYPO3 10 installation with nothing else installed, I created a form and put it on a page. After opening the page once TYPO3 creates an entry inside the cache_pages table where the honeypot field with it's "unique" name is already generated. With the next page load the already build form is rendered directly from the cache and no cookie is set, so the validation doesn't get added. Is there something we can do with TYPO3 10, 9 or even 8 (we are on ELTS here :() to get the honeypot to work?
Thank you for your work and cheers,
Diego
Updated by Gerrit Code Review almost 3 years ago
Patch set 34 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by András Ottó almost 3 years ago
For anyone facing this issue.
Putting this line in a custom extion's ext_localconf.php could work as a workout:
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['extbase']['extensions']['Form']['plugins']['Formframework']['controllers'][\TYPO3\CMS\Form\Controller\FormFrontendController::class]['nonCacheableActions'] = [0 => 'render', 1 => 'perform'];
Basically we need to disable the cache for the renderAction otherwise the honeypot does not work.
Updated by Gerrit Code Review over 2 years ago
Patch set 35 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 2 years ago
Patch set 36 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 2 years ago
Patch set 37 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Gerrit Code Review over 2 years ago
Patch set 38 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67642
Updated by Oliver Hader about 2 years ago
- Related to Bug #98084: Honeypot not working anymore? added
Updated by Tim Schreiner over 1 year ago
- Related to Bug #101562: Honeypot not validated if name could not be fetched added
Updated by Tim Schreiner over 1 year ago
- Related to deleted (Bug #101562: Honeypot not validated if name could not be fetched)
Updated by Tim Schreiner over 1 year ago
- Has duplicate Bug #101562: Honeypot not validated if name could not be fetched added
Updated by Oliver Hader 7 months ago
- Related to Bug #103481: Honeypot / From EmptyValidator does not work at all ?! added
Updated by Benni Mack about 1 month ago
- Status changed from Under Review to New