Bug #36035: CSRF protection prevents the triggering of authentication entry points in some cases - TYPO3.Flow - TYPO3 Forge

TYPO3 Flow Base Distribution TYPO3.Eel TYPO3.Flow TYPO3.Fluid TYPO3.Kickstart TYPO3.Welcome Packages Applications

Bug #36035

CSRF protection prevents the triggering of authentication entry points in some cases

Added by Andreas Förthner over 3 years ago. Updated over 3 years ago.

Status:

Resolved

Start date:

2012-04-14

Priority:

Should have

Due date:

Assigned To:

Andreas Förthner

% Done:

100%

Category:

Security

Target version:

TYPO3 Flow Base Distribution - 1.1

PHP Version:

Complexity:

Has patch:

Affected Flow version:

Git master

Description

As CSRF protection is not needed when nobody is logged in, we can completely skip this feature then. This makes sure, that authentication entry points are triggered in any case correctly.

Associated revisions

Revision 6ed045ce
Added by Andreas Förthner over 3 years ago

[BUGFIX] Skip CSRF protection if not authenticated

CSRF protection prevented the triggering of authentication entry
points in some cases. As CSRF protection is not needed,
if nobody is authenticated, we completely skip this feature
in those cases.

Change-Id: I6c6ae85412bf8fda8085d3d7eb67f799ab60abdc
Releases: 1.1
Resolves: #36035

History

#1 Updated by Gerrit Code Review over 3 years ago

Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10463

#2 Updated by Andreas Förthner over 3 years ago

Status changed from Under Review to Resolved
% Done changed from 0 to 100

Applied in changeset 6ed045ce6283a6c359d2aef681a64f96bcec8958.

Also available in: Atom PDF

TYPO3.Flow

Issues

Custom queries