Bug #31294
SkipCsrfProtection doesn't work for actions without parameters anymore
Status: | Closed | Start date: | 2011-10-25 | |
---|---|---|---|---|
Priority: | Must have | Due date: | ||
Assigned To: | Karsten Dambekalns | % Done: | 100% |
|
Category: | Security | |||
Target version: | TYPO3 Flow Base Distribution - 1.1 beta 1 | |||
PHP Version: | Complexity: | |||
Has patch: | No | Affected Flow version: | FLOW3 1.0.0 |
Description
I tried to use the @FLOW3\SkipCsrfProtection with the following indexAction:
/** * List action for this controller. * @return string * @FLOW3\SkipCsrfProtection */ public function indexAction() { }
Unfortunately this doesn't work anymore. It works again if I add a dummy parameter like this:
/** * List action for this controller. * @return string * @FLOW3\SkipCsrfProtection */ public function indexAction($bernd = 'katze') { }
Maybe it's a small fix to change FLOW3s @DoctrineAnnotation\Target in Annotations\SkipCsrfProtection.php from "METHOD" to "PROPERTY" like this:
<?php namespace TYPO3\FLOW3\Annotations; /* * * This script belongs to the FLOW3 framework. * * * * It is free software; you can redistribute it and/or modify it under * * the terms of the GNU Lesser General Public License, either version 3 * * of the License, or (at your option) any later version. * * * * The TYPO3 project - inspiring people to share! * * */ use Doctrine\Common\Annotations\Annotation as DoctrineAnnotation; /** * @Annotation * @DoctrineAnnotation\Target("PROPERTY") */ final class SkipCsrfProtection {} ?>
But I'm not deep enough into this annotation stuff to imagine any side effects :)
History
#1 Updated by Karsten Dambekalns almost 4 years ago
- Status changed from New to Accepted
The target annotation declares the annotation target, and that is clearly method in this case (as the annotation is to be added in a method's docblock). So there must be something else.
#2 Updated by Martin Brüggemann over 3 years ago
I updated my FLOW3 Package to the latest trunk and everything works fine now. You can close this ticket. Don't know exactly what has fixed the error but @FLOW3\SkipCsrfProtection works, now!
#3 Updated by Karsten Dambekalns over 3 years ago
- Status changed from Accepted to Closed
- % Done changed from 0 to 100
Great!
#4 Updated by Karsten Dambekalns over 3 years ago
- Target version changed from 1.1 to 1.1 beta 1