Feature #98227
closed
Form definition import/export
0%
Description
Typo3 does allow the download of .form.yaml files from the form_definitions folder via the file list, but not their upload.
Therefore, an editor cannot copy a complex form to another site without having access to the file system via ssh/ftp.
This is why I suggest an import/export feature for the forms. This would allow editors easily to copy forms between multiple sites.
Updated by Oliver Hader about 2 years ago
The reason of denying uploads of form definitions (.form.yaml) by regular editors is due to https://typo3.org/security/advisory/typo3-core-sa-2018-003 - especially form finishers allowed to execute arbitrary changes.
Assuming the form parts of a form definition is safe, it might be possible to upload/adjust .form.yaml files directly, in case they don't define any finisher processing.
Updated by Oliver Hader about 2 years ago
- Subject changed from From import/export to Form definition import/export
Updated by Georg Ringer 5 months ago
- Status changed from New to Rejected
Hey Katharina,
thanks for the issue. Editors should really not work with those YAML files as one space character can break the form. If the editors you are working with can handle that, feel free to xclass/patch and remove the code to deny yml files but be aware of the additional security issue.
the core won't provide an upload feature