Bug #42083
CSRF token is not appended for actions with mixed case characters
Status: | Resolved | Start date: | 2012-10-17 |
---|---|---|---|
Priority: | Must have | Due date: | |
Assigned To: | Bastian Waidelich | % Done: | 100% |
Category: | Security | | |
Target version: | TYPO3 Flow Base Distribution - 2.0 beta 1 | | |
PHP Version: | | Complexity: | |
Has patch: | No | Affected Flow version: | Git 1.2 (master) |
Description
Since the update (I don't know what exactly broke this), the CsrfProtectionAspect no longer appends the CSRF token when the target action contains uppercase characters (e.g. someSpecialAction).
The reason is that in the aspect the action method name is retrieved all lowercase, thus ReflectionService::hasMethod($className, $actionMethodName) returns FALSE if $actionMethodName is not correctly cased.
Associated revisions
[BUGFIX] CSRF token is not appended for actions with mixed case characters
The CsrfProtectionAspect no longer appends the CSRF token when the
target action contains uppercase characters (e.g. someSpecialAction).
This change fixes this by resolving the correctly cased method name
before checking for the SkipCsrfToken annotation in the aspect.
Change-Id: I0675679b507ee3b0b10598603d61c2bf53d8e960
Fixes: #42083
Releases: 1.2
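The failure and the fix described above, as an added PHP example that is neither Flow's own code nor the actual patch. It assumes hasMethodCaseSensitive() as a stand-in for ReflectionService::hasMethod(); DemoController, resolveMethodName() and the @SkipCsrfToken docblock marker are constructed for illustration.

```php
<?php
// Constructed controller: one mixed-case action, one that opts out of CSRF protection.
class DemoController {
    public function someSpecialAction() {}
    /** @SkipCsrfToken (constructed marker standing in for the annotation) */
    public function publicFeedAction() {}
}

// Stand-in for ReflectionService::hasMethod(): exact, case-sensitive name match.
function hasMethodCaseSensitive(string $className, string $methodName): bool {
    return in_array($methodName, get_class_methods($className), true);
}

// Hypothetical helper: map any casing of a method name to the declared casing.
function resolveMethodName(string $className, string $methodName): ?string {
    foreach (get_class_methods($className) as $declared) {
        if (strcasecmp($declared, $methodName) === 0) {
            return $declared;
        }
    }
    return null;
}

function skipsCsrfToken(string $className, string $methodName): bool {
    $doc = (new ReflectionMethod($className, $methodName))->getDocComment();
    return $doc !== false && strpos($doc, '@SkipCsrfToken') !== false;
}

// Behaviour from the report: the lowercased name is checked as-is.
function needsTokenBeforeFix(string $className, string $lowercasedAction): bool {
    if (!hasMethodCaseSensitive($className, $lowercasedAction)) {
        return false; // lookup misses, so no token is appended to the link
    }
    return !skipsCsrfToken($className, $lowercasedAction);
}

// Approach from the commit message: resolve the casing first, then check the marker.
function needsTokenAfterFix(string $className, string $lowercasedAction): bool {
    $method = resolveMethodName($className, $lowercasedAction);
    return $method !== null && !skipsCsrfToken($className, $method);
}

foreach (['somespecialaction', 'publicfeedaction'] as $action) {
    printf("%-18s before=%s after=%s\n", $action,
        var_export(needsTokenBeforeFix('DemoController', $action), true),
        var_export(needsTokenAfterFix('DemoController', $action), true));
}
```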
History
#1 Updated by Gerrit Code Review almost 3 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/15765
#2 Updated by Pankaj Lele almost 3 years ago
You may also relate this bug to earlier reported similar bug #41524. Thanks
#3 Updated by Bastian Waidelich almost 3 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 9ea304b4531e404112ae9c189554ef73057fa05b.