Bug #34527
Add method in repositories does also update
| Status: | Resolved | Start date: | 2012-03-05 |
|---|---|---|---|
| Priority: | Must have | Due date: | |
| Assigned To: | Karsten Dambekalns | % Done: | 100% |
| Category: | Persistence | | |
| Target version: | TYPO3 Flow Base Distribution - 1.1 beta 2 | | |
| PHP Version: | | Complexity: | |
| Has patch: | No | Affected Flow version: | Git 1.0 |
Description
The add method in repositories does also update existing entities. This is a dangerous security flaw, as it allows an attacker to misuse creation forms (i.e. a register form) and change existing entities.
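The failure mode described above, next to an add() that requires the object to be new, as an added example (not code from TYPO3 Flow or Doctrine). `Account`, `AccountRepository`, `addUnchecked()`, `KnownObjectError` and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration: every class, method and value here is hypothetical,
// not code from TYPO3 Flow or Doctrine.
final class KnownObjectError extends RuntimeException {}

final class Account {
    public function __construct(public string $id, public string $email) {}
    // Models a form mapper that honours an identifier present in the submitted data.
    public static function fromForm(array $form): self {
        return new self($form['id'] ?? bin2hex(random_bytes(8)), $form['email']);
    }
}

final class AccountRepository {
    /** @var array<string, string> persisted e-mail addresses keyed by account id */
    private array $rows = [];

    public function isNew(Account $a): bool { return !isset($this->rows[$a->id]); }
    public function emailOf(string $id): ?string { return $this->rows[$id] ?? null; }

    // Unchecked shape: add() is effectively an upsert, so a known id replaces the stored row.
    public function addUnchecked(Account $a): void { $this->rows[$a->id] = $a->email; }

    // Checked shape: add() only accepts objects that are not persisted yet.
    public function add(Account $a): void {
        if (!$this->isNew($a)) {
            throw new KnownObjectError("add() refused: '{$a->id}' is already persisted; use update()");
        }
        $this->rows[$a->id] = $a->email;
    }
    // Updating is a separate, explicit call that the application can guard on its own.
    public function update(Account $a): void {
        if ($this->isNew($a)) { throw new RuntimeException('update() refused: unknown object'); }
        $this->rows[$a->id] = $a->email;
    }
}

// Constructed sample data: one stored account, then a "register" submission reusing its id.
$repo = new AccountRepository();
$repo->add(new Account('alice', 'alice@example.org'));
$submitted = Account::fromForm(['id' => 'alice', 'email' => 'other@example.net']);

$legacy = clone $repo;               // copy of the store that uses the unchecked add
$legacy->addUnchecked($submitted);   // silently replaces the stored address
echo 'unchecked add -> ', $legacy->emailOf('alice'), PHP_EOL;
try {
    $repo->add($submitted);          // rejected: the object is not new
} catch (KnownObjectError $e) {
    echo 'checked add   -> ', $e->getMessage(), PHP_EOL;
}
echo 'stored value  -> ', $repo->emailOf('alice'), PHP_EOL;
```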
Associated revisions
[BUGFIX] PersistenceManager->add() now requires objects being new
The add method in repositories did also update existing entities,
this can be dangerous, as it allows an attacker to misuse creation
forms (i.e. a register form) and change existing entities.
Change-Id: I4f3bd277cb9a7444d75472ecb10844bf3d792f89
Fixes: #34527
Releases: 1.0, 1.1, 1.2
[BUGFIX] Fix QueryTest using add twice for the same object
The new check for objects being added to persistence broke one
of the tests in the functional QueryTest. Turns out the test
was buggy, adding the same object twice (instead of a different
one).
Change-Id: Ia41f1497dfca6f06355c3b6c096929092c98d56e
Related: #34527
Releases: 1.1
History
#1 Updated by Andreas Förthner over 3 years ago
- Project changed from TYPO3 Flow Base Distribution to TYPO3.Flow
- Assigned To set to Andreas Förthner
#2 Updated by Karsten Dambekalns over 3 years ago
- Category set to Security
- Status changed from New to Accepted
- Has patch set to No
- Affected Flow version changed from Git master to Git 1.0
Right, Doctrine doesn't differentiate between add and update in its API. So we'd need to do this "on our side".
#3 Updated by Karsten Dambekalns over 3 years ago
- Assigned To changed from Andreas Förthner to Karsten Dambekalns
- Target version set to 1.0.5
#4 Updated by Karsten Dambekalns over 3 years ago
- Category changed from Security to Persistence
#5 Updated by Gerrit Code Review about 3 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch FLOW3-1.1 has been pushed to the review server.
It is available at http://review.typo3.org/11595
#6 Updated by Karsten Dambekalns about 3 years ago
- Target version changed from 1.0.5 to 1.1 beta 2
#7 Updated by Gerrit Code Review about 3 years ago
Patch set 2 for branch FLOW3-1.1 has been pushed to the review server.
It is available at http://review.typo3.org/11595
#8 Updated by Gerrit Code Review about 3 years ago
Patch set 3 for branch FLOW3-1.1 has been pushed to the review server.
It is available at http://review.typo3.org/11595
#9 Updated by Gerrit Code Review about 3 years ago
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11715
#10 Updated by Gerrit Code Review about 3 years ago
Patch set 1 for branch FLOW3-1.0 has been pushed to the review server.
It is available at http://review.typo3.org/11716
#11 Updated by Gerrit Code Review about 3 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11715
#12 Updated by Gerrit Code Review about 3 years ago
Patch set 2 for branch FLOW3-1.0 has been pushed to the review server.
It is available at http://review.typo3.org/11716
#13 Updated by Karsten Dambekalns about 3 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 2290d9febc7b7fc9a5bb0d67d8f89e97c8a345f0.
#14 Updated by Gerrit Code Review about 3 years ago
- Status changed from Resolved to Under Review
Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11715
#15 Updated by Gerrit Code Review about 3 years ago
Patch set 3 for branch FLOW3-1.0 has been pushed to the review server.
It is available at http://review.typo3.org/11716
#16 Updated by Karsten Dambekalns about 3 years ago
- Status changed from Under Review to Resolved
#17 Updated by Gerrit Code Review about 3 years ago
- Status changed from Resolved to Under Review
Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11715
#18 Updated by Karsten Dambekalns about 3 years ago
- Status changed from Under Review to Resolved
Applied in changeset 8d4b3c7099b597525ebb3406dbef0b9f204d67d2.