Task #56356: Protect core Ajax calls against CSRF - Core - TYPO3 Forge

Core Indexed Search Linkvalidator Release Cycles Team Resources Workspaces & Versioning TYPO3 CMS Usability Team Community Extensions Distributions Feature-Requests TYPO3 6.2 Projects (+)(Archived Projects)

Task #56356

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Story #56052: Implement CSRF Protection for ajax.php

Protect core Ajax calls against CSRF

Added by Helmut Hummel over 1 year ago. Updated over 1 year ago.

Status:

Resolved

Start date:

2014-02-26

Priority:

Should have

Due date:

Assigned To:

% Done:

100%

Category:

Spent time:

Target version:

TYPO3 Version:

6.2

Complexity:

PHP Version:

Sprint Focus:

Description

The backend ajax handler that are directly registered
in DefaultConfiguration.php should be CSRF protected
if necessary.

Related issues

Associated revisions

Revision 715e61b2
Added by Helmut Hummel over 1 year ago

[SECURITY] Protect core Ajax calls against CSRF

The backend ajax handler that are directly registered
in DefaultConfiguration.php are now CSRF protected
if necessary.

Resolves: #56356
Releases: 6.2
Change-Id: Ia592f7f2b51c20326600b97d2ce10a5e5fdbfde7
Reviewed-on: https://review.typo3.org/27877
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Markus Klein
Tested-by: Markus Klein

History

#1 Updated by Gerrit Code Review over 1 year ago

Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27877

#2 Updated by Helmut Hummel over 1 year ago

Parent task set to #56052

#3 Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27877

#4 Updated by Gerrit Code Review over 1 year ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27877

#5 Updated by Gerrit Code Review over 1 year ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27877

#6 Updated by Helmut Hummel over 1 year ago

Status changed from Under Review to Resolved
% Done changed from 0 to 100

Applied in changeset 715e61b279846e9eb69e0deafaeef9f9869fb24a.

Also available in: Atom PDF

	related to Core - Bug #56626: AJAX file upload fails in beta6	Closed	2014-03-06
	precedes Core - Bug #56988: IE8 Users can't login to backend	Resolved	2014-03-17

Core

Issues

Custom queries