Bug #40984
CsrfProtectionAspect fails with paginate view helper and empty f:link action argument
| Status: | Resolved | Start date: | 2012-09-17 | |
|---|---|---|---|---|
| Priority: | Must have | Due date: | ||
| Assigned To: | - | % Done: | 100% |
|
| Category: | Security | |||
| Target version: | TYPO3 Flow Base Distribution - 2.0 beta 1 | |||
| PHP Version: | 5.3 | Complexity: | ||
| Has patch: | No | Affected Flow version: | Git 1.2 (master) |
Description
When Paginate ViewHelper is used in any template FLOW3 fails while adding Csrf token to the pagination links. It fails even after adding @FLOW3\SkipCsrfProtection as a known workaround for pagination.
Exact error seen is "The parameter class is expected to be either a string or an object ". With topmost backtrace lines as:
- ReflectionMethod::__construct(FALSE, "indexAction")
- TYPO3\FLOW3\Reflection\ReflectionService::getMethodAnnotations(FALSE, "indexAction", "TYPO3\FLOW3\Annotations\SkipCsrfProtection")
- TYPO3\FLOW3\Reflection\ReflectionService::isMethodAnnotatedWith(FALSE, "indexAction", "TYPO3\FLOW3\Annotations\SkipCsrfProtection")
One of the functional test for ViewHelper is also failing because of empty action. http://ci.typo3.robertlemke.net/job/Fluid-ViewHelperTest/lastCompletedBuild/testReport/
Associated revisions
[BUGFIX] Cleanup CSRF protection issues
Change-Id: I83536f1edbdc259eec89b9c31b516c2cbc947268
Fixes: #40984
Releases: 1.2
[TASK] Adjust CsrfProtectionAspect unit test
Change-Id: I779d57aeab8cf01f198cadd85d63062be89235cd
Related: #40984
Releases: 1.2
History
#1 Updated by Karsten Dambekalns almost 3 years ago
- Target version set to 2.0 beta 1
#2 Updated by Gerrit Code Review almost 3 years ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/14655
#3 Updated by Gerrit Code Review almost 3 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/14655
#4 Updated by Gerrit Code Review almost 3 years ago
Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/14655
#5 Updated by Gerrit Code Review almost 3 years ago
Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/14655
#6 Updated by Christian Müller almost 3 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 4574114c6c3e56be84b214c7993da87f036b18b4.