Bug #41524
csrfToken not added to action links having action method name with more than 1 word
| Status: | Closed | Start date: | 2012-10-02 |
|---|---|---|---|
| Priority: | Should have | Due date: | |
| Assigned To: | Bastian Waidelich | % Done: | 0% |
| Category: | Security | | |
| Target version: | - | | |
| PHP Version: | 5.3 | Complexity: | |
| Has patch: | No | Affected Flow version: | Git 1.2 (master) |
Description
In short: csrfToken is not added to links whose target action is "someOtherAction" but only works for action names like "someAction".
After digging a little bit in the code I found that UriBuilder->uriFor() makes the @action argument forcefully lowercase and hence $this->reflectionService->hasMethod($className, $actionName) in the CsrfProtectionAspect returns false.
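The failure mode in the description, reduced to a stand-alone sketch (an added example, not code from Flow or from the reporter): a lowercased action name is checked against declared method names with a case-sensitive lookup, so the multi-word action is not recognised and its link gets no token, while a case-insensitive resolution recognises both. `DemoController` and all function names are hypothetical, the case-sensitive lookup is an assumed model of the failing check, and the case-insensitive variant is one possible hardening, not necessarily the change made in the linked review.

```php
<?php
// Constructed stand-in controller; not a class from Flow.
class DemoController {
    public function someAction() {}
    public function someOtherAction() {}
}

// Hypothetical link-builder step: the action name is forced to lowercase,
// as the report describes for uriFor().
function normalizeActionName(string $action): string {
    return strtolower($action);
}

// Assumed model of the failing check: exact, case-sensitive match
// against the method names as they were declared.
function hasMethodCaseSensitive(string $class, string $method): bool {
    return in_array($method, get_class_methods($class), true);
}

// Hardened lookup: compare case-insensitively and return the declared name,
// or null when the class really has no such method.
function resolveMethod(string $class, string $method): ?string {
    foreach (get_class_methods($class) as $declared) {
        if (strcasecmp($declared, $method) === 0) {
            return $declared;
        }
    }
    return null;
}

// Would the generated link carry a CSRF token? In this sketch every
// existing action method counts as protected.
function linkGetsToken(string $class, string $action, bool $caseInsensitive): bool {
    $method = normalizeActionName($action) . 'Action';
    return $caseInsensitive
        ? resolveMethod($class, $method) !== null
        : hasMethodCaseSensitive($class, $method);
}

// Constructed inputs: a single-word and a multi-word action name.
foreach (['some', 'someOther'] as $action) {
    printf(
        "%-10s case-sensitive: %-3s  case-insensitive: %s\n",
        $action,
        linkGetsToken('DemoController', $action, false) ? 'yes' : 'no',
        linkGetsToken('DemoController', $action, true) ? 'yes' : 'no'
    );
}
```

PHP's own method dispatch is case-insensitive, so a request to the lowercased action still reaches the method; only the name-based protection check misses it, which is why the gap is silent.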
History
#1 Updated by Bastian Waidelich almost 3 years ago
- Assigned To set to Bastian Waidelich
Sorry, I didn't see this report (it would have saved me a lot of time).
I'm closing this as duplicate of #42083 now, the issue should be solved with http://review.typo3.org/15765
Please reopen if that's not the case!
#2 Updated by Bastian Waidelich almost 3 years ago
- Status changed from New to Closed