Bug #95297
closed
cHash not enforced for Extbase actions anymore
100%
Description
TYPO3 8.5 introduced a new behaviour.
URIs to Extbase actions now need a valid cHash per default. This is required for both cached and uncached actions
Calling a link to an extbase-action without cHash would lead to an exception.
Now in v10 it looks like this behaviour is not anymore.
Issue¶
Opening a link to an extbase-action without chash just works.
Expected behaviour¶
Opening a link to an extbase-action without chash should fail.
Example URL¶
Possible cause¶
Here changed a lot. Not only things got deprecated.
CacheHashEnforce was removed in favor of handling in PageArgumentValidator middleware.
It looks like, that "dynamic" extbase-action-arguments were not considered in this changeset. Now CacheHashCalculator don't know them and therefore they are not enforced anymore.
Hotfix / quickfix¶
Add params manually to requireCacheHashPresenceParameters.
$GLOBALS['TYPO3_CONF_VARS']['FE']['cacheHash']['requireCacheHashPresenceParameters'] = [
'^tx_fooext_fooplugin',
];
Real fix suggestion¶
Either populate requireCacheHashPresenceParameters dynamically or use another way to enforce cHash for Extbase actions again.
Updated by Anonymous over 3 years ago
- Related to Task #89868: Remove reqCHash functionality for plugins added
Updated by Anonymous over 3 years ago
- Related to Bug #78002: Require cHash for cached plugin actions in Extbase added
Updated by Anonymous over 3 years ago
One observation regarding route-enhancer usage:
routeEnhancers:
FooBarBaz:
type: Extbase
extension: FooExt
plugin: FooPlugin
routes:
- routePath: '/user-foo/{userFoo}'
_controller: 'FooController::perform'
requirements:
userFoo: '[a-zA-Z0-9]{45}'
This route-enhancer configuration perfectly resolves the following URL:
https://foo.ddev.site/foobarpage/user-foo/barbazbarbaz
But it does not create a cHash. With the workaround requireCacheHashPresenceParameters, this route now fails because of missing cHash.
I am not sure, if that is a known limitation or needs to be handled too.
Updated by Oliver Hader over 2 years ago
- Assignee set to Oliver Hader
- Sprint Focus set to On Location Sprint
Updated by Gerrit Code Review about 2 years ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 9 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 10 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 11 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 12 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 13 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 14 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 15 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 16 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 1 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77712
Updated by Gerrit Code Review about 2 years ago
Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77714
Updated by Gerrit Code Review about 2 years ago
Patch set 2 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77712
Updated by Gerrit Code Review about 2 years ago
Patch set 2 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77714
Updated by Gerrit Code Review about 2 years ago
Patch set 3 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77712
Updated by Gerrit Code Review about 2 years ago
Patch set 17 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206
Updated by Gerrit Code Review about 2 years ago
Patch set 3 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77714
Updated by Benni Mack about 2 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 434c4fde14e164bfee7a16971f6a948895be5def.