Task #55515
Epic #55070: Workpackages
Epic #55066: WP: Security enhancements
Add CSRF Protection for tce_file.php
| Status: | Resolved | Start date: | 2014-01-31 |
|---|---|---|---|
| Priority: | Must have | Due date: | |
| Assigned To: | Alexander Schnitzler | % Done: | 100% |
| Category: | - | Spent time: | 2.75 hours |
| Target version: | 6.2.0 | Estimated time: | 32.00 hours |
| TYPO3 Version: | 6.2 | Complexity: | |
| PHP Version: | | Sprint Focus: | |
Description
tce_file.php works as the API/entry point for file operations and must be CSRF protected (like tce_db.php).
- Add token check in tce_file.php
- Search all places where tce_file.php is used and add the token
- Especially all JS (d&d file upload) needs to get the token (d&d upload is handled by ajax.php and needs special handling. This will be targeted in another change.)
Associated revisions
[!!!][SECURITY] Add CSRF Protection for tce_file.php
Add a token check in tce_file.php and token generation
everywhere forms for or links to tce_file.php are created.
Additionally, make sure an instance of ExtendedFileUtility
is created in FileController on initialization to prevent
a fatal "Call to a member function on a non-object" error
in FileController::finish.
Releases: 6.2
Resolves: #55515
Change-Id: Ifd585661ac2cac6c88eaca5ad63b447d27e35395
Reviewed-on: https://review.typo3.org/27691
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
History
#1 Updated by Alexander Schnitzler over 1 year ago
- Assigned To set to Alexander Schnitzler
#2 Updated by Gerrit Code Review over 1 year ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27691
#3 Updated by Alexander Schnitzler over 1 year ago
- % Done changed from 0 to 30
#4 Updated by Gerrit Code Review over 1 year ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27691
#5 Updated by Gerrit Code Review over 1 year ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27691
#6 Updated by Anonymous over 1 year ago
- Status changed from Under Review to Resolved
- % Done changed from 30 to 100
Applied in changeset 75281c9c7193fb28464a409836d4c8f7a79af9b9.