Bug #48858

Deleting of users, sites and objects generally in the backend is broken

Added by Simon Schaufelberger about 2 years ago. Updated about 2 years ago.

Status:Resolved Start date:2013-06-05
Priority:Must have Due date:
Assigned To:- % Done:

100%
Category:-
Target version:Base Distribution - 1.0 beta 1

Description

currently you cannot delete anything in the neos backed. I don't know but maybe its because the CSRF string is missing? The delete button is just a normal link with the node identifier attached.

if thats not in the right project, please move it in the correct one. i just dont know if thats related to neos or to flow generally.

Associated revisions

Revision 8645aadd
Added by Aske Ertmann about 2 years ago

[TASK] Adjust to safe request changes

Removes Flow\SkipCsrfProtection annotations from
controller actions.

Fixes all get requests with side effects in modules:
  • User settings
  • Users management
  • Workspaces
  • Sites management

Currently not supported in Internet Explorer. Would need
polyfill to support HTML5 form attribute functionality.

Related: #48858
Change-Id: Ife44b909525f9d44ba3f4e2c725fb03b3ea60d92

History

#1 Updated by Tim Kandel about 2 years ago

  • Status changed from New to Under Review
  • Target version set to 1.0 beta 1
  • % Done changed from 0 to 90

Take a look at this patch: https://review.typo3.org/#/c/20172/
It fixes the problem, but I think it needs to be adjusted to the recent CSS class renaming.

#2 Updated by Simon Schaufelberger about 2 years ago

ok thanx for that hint. indeed that patch fixes it.

#3 Updated by Tim Kandel about 2 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 90 to 100

Since the patch has been merged a while ago, this can be closed.

Also available in: Atom PDF