Epic #55066

Epic #55070: Workpackages

WP: Security enhancements

Added by Ingo Schmitt over 1 year ago. Updated 4 months ago.

Status: New
Start date: 2013-03-19
Priority: Could have
Due date:
Assigned To: Helmut Hummel
% Done: 90%
Category: -
Spent time: 87.50 hours
Target version: 6.2.0
Estimated time: 83.50 hours
Sprint Focus:

Description

TYPO3 has a pretty good track record in being a secure web application. That is the case not only because security-related issues are handled in a profound and transparent way but also because the TYPO3 team constantly strives to implement protection for newly discovered attack vectors that might be relevant for some (enterprise level) users.
For TYPO3 CMS 6.2 the team strives to improve some and add some security mechanisms of the TYPO3 Backend, in particular to enhance the already present Cross-Site Request Forgery (CSRF) protection and to add protection against common Click-Jacking Attacks.


Subtasks

Bug #54201: Implement Clickjacking Protection | Resolved

Bug #46434: XSS in content element wizard | Under Review

Story #55508: Implement CSRF Protection in Extbase URI builder and requ... | New

Story #55509: Add CSRF Protection to mod.php | Resolved | Helmut Hummel

Task #56359: Fix module access regressions | Resolved

Task #56453: Improve usability with multiple tabs open | Resolved

Task #55515: Add CSRF Protection for tce_file.php | Resolved | Alexander Schnitzler

Story #55516: Reduce the number of backend script entry points | Resolved | Anja Leichsenring

Task #55668: cms/layout entry scripts cleanup | Resolved | Nicole Cordes

Task #55669: form sysext entry script cleanup | Resolved | Anja Leichsenring

Task #55670: func entry script cleanup | Resolved | Anja Leichsenring

Task #55671: impexp entry script cleanup | Resolved | Anja Leichsenring

Task #55672: info entry script cleanup | Resolved | Anja Leichsenring

Task #55796: Adjust indexed search submodules of web_info to mod dispat... | Resolved | Anja Leichsenring

Task #55797: Use mod dispatch on indexed search submodules for web_info | Resolved | Anja Leichsenring

Task #55673: openid entry script cleanup | Rejected | Anja Leichsenring

Task #55674: rtehtmlarea entry scripts cleanup | Resolved | Nicole Cordes

Task #55675: version entry script cleanup | Resolved | Nicole Cordes

Task #55676: t3editor wizard inclusion cleanup | Resolved | Anja Leichsenring

Task #55809: Compat layer for submodules using index.php | Resolved | Anja Leichsenring

Task #56631: Remove Compat layer for info and function submodules | Resolved

Task #56246: BackenUtility::getModuleUrl should respect old modules (n... | Rejected

Task #56247: Remove all conf.php files and use the BackendUtility::add... | Rejected

Task #56268: Add new way to register a TCA wizard | Resolved

Task #56364: Redirect after switch-to-user broken | Resolved | Helmut Hummel

Task #56272: Use the new way of registering wizards for edit wizard | Resolved

Task #56632: Make show_rechis.php mod.php dispatched | Resolved | Nicole Cordes

Task #56721: ElementBrowser::getThisScript is not public | Resolved

Story #56052: Implement CSRF Protection for ajax.php | Resolved

Task #56345: Add API to CSRF protect Ajax calls in Backend | Resolved

Task #56356: Protect core Ajax calls against CSRF | Resolved

Task #56404: Make sure M parameter is first in URL | Resolved

Task #57096: Cleanup Ajax URL JS settings | Resolved

Task #57196: Protect Ajax calls of core extensions | Resolved

Bug #56403: Fix GET parameter order in unit tests | Resolved

Story #56431: Use new wizard registration and remove wizard entry points | Resolved | Alexander Schnitzler

Task #56432: Adjust typo3/wizard_add.php | Resolved | Alexander Schnitzler

Task #56433: Adjust typo3/wizard_edit.php | Resolved | Alexander Schnitzler

Task #56434: Adjust typo3/wizard_list.php | Resolved | Alexander Schnitzler

Task #56435: Adjust typo3/wizard_table.php | Resolved | Alexander Schnitzler

Task #56436: Adjust typo3/wizard_colorpicker.php | Resolved | Alexander Schnitzler

Task #56437: Adjust typo3/wizard_rte.php | Resolved | Alexander Schnitzler

Task #56438: Adjust typo3/wizard_forms.php | Resolved | Alexander Schnitzler

Task #56454: Remove old wizard scripts | Resolved

Task #56470: Make typo3/browse_links.php and rtehtmlarea/mod3/browse_l... | Resolved

Task #56471: Make wizard_backend_layout.php mod.php dispatched | Resolved

Task #56622: Regression: The requested URL /typo3/' T3_THIS_LOCATION '... | Resolved

Task #56611: new reference error with non-admin user | Resolved

Task #56625: Remove old backend_layout wizard | Resolved

Bug #56633: Add Formprotection Class for FE usage (API for ext develo... | Accepted | Helmut Hummel

Bug #56743: Make file_edit.php dispatched | Resolved

Bug #61477: Create upgrade wizard for "old" shortcut links of file_ed... | Resolved | Wouter Wolters

Task #61215: Make file_newfolder.php dispatched | Resolved | Wouter Wolters

Task #61216: Make file_rename.php dispatched | Resolved | Wouter Wolters

Task #61217: Make file_upload.php dispatched | Resolved | Wouter Wolters

Task #64691: Make move_el.php dispatched | Resolved

Task #64692: Make tce_file.php dispatched | Resolved

Bug #64695: Make tce_db.php dispatched | Resolved

Task #64774: Make login_frameset.php dispatched | Resolved

History

#1 Updated by Ingo Schmitt over 1 year ago

  • Tracker changed from Bug to Epic
  • Subject changed from Security enhancements to WP: Security enhancements
  • Estimated time set to 160.00
  • Parent task set to #55070
