Task #56268: Add new way to register a TCA wizard - Core - TYPO3 Forge

Core Indexed Search Linkvalidator Release Cycles Team Resources Workspaces & Versioning TYPO3 CMS Usability Team Community Extensions Distributions Feature-Requests TYPO3 6.2 Projects (+)(Archived Projects)

Task #56268

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Story #55516: Reduce the number of backend script entry points

Add new way to register a TCA wizard

Added by Helmut Hummel over 1 year ago. Updated over 1 year ago.

Status:

Resolved

Start date:

2014-02-25

Priority:

Should have

Due date:

Assigned To:

% Done:

100%

Category:

Spent time:

1.00 hour

Target version:

TYPO3 Version:

6.2

Complexity:

PHP Version:

Sprint Focus:

Description

Wizards used to be registered by defining a script path
to an entry script for a wizard. Since we now aim to reduce
the entry scripts, wizards should be called through
mod.php and be registered accordingly.
However with the additional requirement of adding
CSRF protection for all mod.php calls, we cannot hard code
the script URLs for wizards any more. Instead BackendUtility::getModuleUrl
should be used, which adds the CSRF protection token.
Since this token is session dependend and TCA might be cached,
we need a new way to register a wizard by just specifying
the module name in TCA.

The FormRenderer should then take care to call BackendUtility::getModuleUrl

Related issues

Associated revisions

Revision d956775f
Added by Helmut Hummel over 1 year ago

[FEATURE] Add new way to register a TCA wizard

Wizards used to be registered by defining a script path
to an entry script. Since we now aim to reduce
the number of entry scripts, wizards should be called
through mod.php and be registered accordingly.
However with the additional requirement of adding
CSRF protection for all mod.php calls, we cannot
hard code the script URLs for wizards any more.
Instead BackendUtility::getModuleUrl should be used,
which adds the CSRF protection token.
Since this token depends on the current user session
and TCA might be cached, we need a new way to register
a wizard by just specifying the module name in TCA.

FormEngine should then take care to call
BackendUtility::getModuleUrl()

Resolves: #56268
Releases: 6.2
Change-Id: I8dfd2f49257f673e0490e2553da63359a8e68776
Reviewed-on: https://review.typo3.org/27841
Reviewed-by: Markus Klein
Tested-by: Markus Klein

History

#1 Updated by Gerrit Code Review over 1 year ago

Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27841

#2 Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27841

#3 Updated by Gerrit Code Review over 1 year ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27841

#4 Updated by Helmut Hummel over 1 year ago

Status changed from Under Review to Resolved
% Done changed from 0 to 100

Applied in changeset d956775f3162ad158c9d43bf5e215c70264f4714.

Also available in: Atom PDF

Core

Issues

Custom queries