Task #56345: Add API to CSRF protect Ajax calls in Backend - Core - TYPO3 Forge

Core Indexed Search Linkvalidator Release Cycles Team Resources Workspaces & Versioning TYPO3 CMS Usability Team Community Extensions Distributions Feature-Requests TYPO3 6.2 Projects (+)(Archived Projects)

Task #56345

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Story #56052: Implement CSRF Protection for ajax.php

Add API to CSRF protect Ajax calls in Backend

Added by Helmut Hummel over 1 year ago. Updated over 1 year ago.

Status:

Resolved

Start date:

2014-02-26

Priority:

Should have

Due date:

Assigned To:

% Done:

100%

Category:

Spent time:

Target version:

TYPO3 Version:

6.2

Complexity:

PHP Version:

Sprint Focus:

Description

This change adds API to register Ajax ids with their handler
and to get an Ajax URL for a specific AjaxID

A token check is added to the ajax.php dispatcher
script. To stay backwards compatible, the token
is only checked, if the AjaxId is registered not
using the new API.

The new API will be used by TYPO3 core in
consecutive changes.

Related issues

Associated revisions

Revision 2aa83d39
Added by Helmut Hummel over 1 year ago

[FEATURE] Add API to CSRF protect Ajax calls in Backend

This change adds API to register Ajax ids with
their handler and to get an Ajax URL for
a specific AjaxID.

A token check is added to the ajax.php dispatcher
script. To stay backwards compatible, the token
is only checked, if the AjaxId is registered not
using the new API.

The new API will be used by TYPO3 core in
consecutive changes.

Resolves: #56345
Documentation: #56347
Releases: 6.2
Change-Id: I188a9312b0f4239040e461ba09dc9c8f2b93a68b
Reviewed-on: https://review.typo3.org/27873
Reviewed-by: Wouter Wolters
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

History

#1 Updated by Gerrit Code Review over 1 year ago

Status changed from New to Under Review

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873

#2 Updated by Gerrit Code Review over 1 year ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873

#3 Updated by Gerrit Code Review over 1 year ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873

#4 Updated by Gerrit Code Review over 1 year ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873

#5 Updated by Gerrit Code Review over 1 year ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873

#6 Updated by Gerrit Code Review over 1 year ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27873

#7 Updated by Helmut Hummel over 1 year ago

Status changed from Under Review to Resolved
% Done changed from 0 to 100

Applied in changeset 2aa83d3965d322bcabc74cd2ac30b1a1de47b1ec.

Also available in: Atom PDF

Core

Issues

Custom queries