Task #56356

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Story #56052: Implement CSRF Protection for ajax.php

Protect core Ajax calls against CSRF

Added by Helmut Hummel over 1 year ago. Updated over 1 year ago.

Status: Resolved
Start date: 2014-02-26
Priority: Should have
Due date:
Assigned To: -
% Done: 100%
Category: -
Spent time: -
Target version: -
TYPO3 Version: 6.2
Complexity:
PHP Version:
Sprint Focus:

Description

The backend Ajax handlers that are directly registered
in DefaultConfiguration.php should be CSRF protected
if necessary.


Related issues

related to Core - Bug #56626: AJAX file upload fails in beta6 Closed 2014-03-06
precedes Core - Bug #56988: IE8 Users can't login to backend Resolved 2014-03-17

Associated revisions

Revision 715e61b2
Added by Helmut Hummel over 1 year ago

[SECURITY] Protect core Ajax calls against CSRF

The backend Ajax handlers that are directly registered
in DefaultConfiguration.php are now CSRF protected
if necessary.

Resolves: #56356
Releases: 6.2
Change-Id: Ia592f7f2b51c20326600b97d2ce10a5e5fdbfde7
Reviewed-on: https://review.typo3.org/27877
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Markus Klein
Tested-by: Markus Klein

History

#1 Updated by Gerrit Code Review over 1 year ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27877

#2 Updated by Helmut Hummel over 1 year ago

  • Parent task set to #56052

#3 Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27877

#4 Updated by Gerrit Code Review over 1 year ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27877

#5 Updated by Gerrit Code Review over 1 year ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27877

#6 Updated by Helmut Hummel over 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
