Project

General

Profile

Actions

Bug #95297

closed

cHash not enforced for Extbase actions anymore

Added by Anonymous over 2 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
Link Handling, Site Handling & Routing
Target version:
-
Start date:
2021-09-21
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
10
PHP Version:
7.4
Tags:
chash,extbase
Complexity:
Is Regression:
Sprint Focus:
On Location Sprint

Description

TYPO3 8.5 introduced a new behaviour.

URIs to Extbase actions now need a valid cHash per default. This is required for both cached and uncached actions

https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/8.5/Breaking-78002-EnforceCHashArgumentForExtbaseActions.html

Calling a link to an extbase-action without cHash would lead to an exception.

Now in v10 it looks like this behaviour is not anymore.

Issue

Opening a link to an extbase-action without chash just works.

Expected behaviour

Opening a link to an extbase-action without chash should fail.

Example URL

https://foo.ddev.site/foobarpage?tx_fooext_fooplugin%5Baction%5D=perform&tx_fooext_fooplugin%5Bcontroller%5D=FooController&tx_fooext_fooplugin%5BuserFoo%5D=barbazbarbaz

Possible cause

https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/10.3/Deprecation-89868-RemoveReqCHashFunctionalityForPlugins.html

Here changed a lot. Not only things got deprecated.

https://forge.typo3.org/projects/typo3cms-core/repository/1749/revisions/f305de5888f0a5c1d1474df3f35d52698e1eee4d

CacheHashEnforce was removed in favor of handling in PageArgumentValidator middleware.

It looks like, that "dynamic" extbase-action-arguments were not considered in this changeset. Now CacheHashCalculator don't know them and therefore they are not enforced anymore.

Hotfix / quickfix

Add params manually to requireCacheHashPresenceParameters.

$GLOBALS['TYPO3_CONF_VARS']['FE']['cacheHash']['requireCacheHashPresenceParameters'] = [
    '^tx_fooext_fooplugin',
];

Real fix suggestion

Either populate requireCacheHashPresenceParameters dynamically or use another way to enforce cHash for Extbase actions again.


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Task #89868: Remove reqCHash functionality for pluginsClosedBenni Mack2019-12-06

Actions
Related to TYPO3 Core - Bug #78002: Require cHash for cached plugin actions in ExtbaseClosed2016-09-20

Actions
Actions #1

Updated by Anonymous over 2 years ago

  • Related to Task #89868: Remove reqCHash functionality for plugins added
Actions #2

Updated by Anonymous over 2 years ago

  • Related to Bug #78002: Require cHash for cached plugin actions in Extbase added
Actions #3

Updated by Anonymous over 2 years ago

One observation regarding route-enhancer usage:

routeEnhancers:
  FooBarBaz:
    type: Extbase
    extension: FooExt
    plugin: FooPlugin
    routes:
      - routePath: '/user-foo/{userFoo}'
        _controller: 'FooController::perform'
    requirements:
      userFoo: '[a-zA-Z0-9]{45}'

This route-enhancer configuration perfectly resolves the following URL:

https://foo.ddev.site/foobarpage/user-foo/barbazbarbaz

But it does not create a cHash. With the workaround requireCacheHashPresenceParameters, this route now fails because of missing cHash.

I am not sure, if that is a known limitation or needs to be handled too.

Actions #5

Updated by Oliver Hader over 1 year ago

  • Assignee set to Oliver Hader
  • Sprint Focus set to On Location Sprint
Actions #6

Updated by Gerrit Code Review over 1 year ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #7

Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #8

Updated by Gerrit Code Review about 1 year ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #9

Updated by Gerrit Code Review about 1 year ago

Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #10

Updated by Gerrit Code Review about 1 year ago

Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #11

Updated by Gerrit Code Review about 1 year ago

Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #12

Updated by Gerrit Code Review about 1 year ago

Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #13

Updated by Gerrit Code Review about 1 year ago

Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #14

Updated by Gerrit Code Review about 1 year ago

Patch set 9 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #15

Updated by Gerrit Code Review about 1 year ago

Patch set 10 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #16

Updated by Gerrit Code Review about 1 year ago

Patch set 11 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #17

Updated by Gerrit Code Review about 1 year ago

Patch set 12 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #18

Updated by Gerrit Code Review about 1 year ago

Patch set 13 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #19

Updated by Gerrit Code Review about 1 year ago

Patch set 14 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #20

Updated by Gerrit Code Review about 1 year ago

Patch set 15 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #21

Updated by Gerrit Code Review about 1 year ago

Patch set 16 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #22

Updated by Gerrit Code Review about 1 year ago

Patch set 1 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77712

Actions #23

Updated by Gerrit Code Review about 1 year ago

Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77714

Actions #24

Updated by Gerrit Code Review about 1 year ago

Patch set 2 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77712

Actions #25

Updated by Gerrit Code Review about 1 year ago

Patch set 2 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77714

Actions #26

Updated by Gerrit Code Review about 1 year ago

Patch set 3 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77712

Actions #27

Updated by Gerrit Code Review about 1 year ago

Patch set 17 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77206

Actions #28

Updated by Gerrit Code Review about 1 year ago

Patch set 3 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77714

Actions #29

Updated by Benni Mack about 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #30

Updated by Benni Mack about 1 year ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF