Task #56454
Epic #55070: Workpackages
Epic #55066: WP: Security enhancements
Story #56431: Use new wizard registration and remove wizard entry points
Remove old wizard scripts
| Status: | Resolved | Start date: | 2014-02-28 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assigned To: | - | % Done: | 100% |
|
| Category: | - | Spent time: | 1.00 hour | |
| Target version: | - | |||
| TYPO3 Version: | 6.2 | Complexity: | ||
| PHP Version: | Sprint Focus: |
Description
Keeping the old wizard script would not solve
the CSRF attack vector as they could still
be referenced in this kind of attack.
Because of that, we remove them now.
This change provides a backwards compatibility
layer in FormsEngine which takes care of rewriting
URLs which have been referenced in TCA.
It will however break code which link to the
old scripts directly in other places.
Associated revisions
[!!!][SECURITY] Remove old wizard scripts
Keeping the old wizard script would not solve
the CSRF attack vector as they could still
be referenced in this kind of attack.
Because of that, we remove them now.
This change provides a backwards compatibility
layer in FormsEngine which takes care of rewriting
URLs which have been referenced in TCA.
Also the priority is changed in code. This means
that extension authors can reference both
configurations to stay compatible with older
TYPO3 versions.
It will however break code which link to the
old scripts directly in other places.
Resolves: #56454
Releases: 6.2
Change-Id: I15f5d929f16fdd53a8b87cd32440a3d6ce59b6ed
Reviewed-on: https://review.typo3.org/27956
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
History
#1 Updated by Gerrit Code Review over 1 year ago
- Status changed from New to Under Review
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27956
#2 Updated by Gerrit Code Review over 1 year ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27956
#3 Updated by Gerrit Code Review over 1 year ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27956
#4 Updated by Gerrit Code Review over 1 year ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27956
#5 Updated by Helmut Hummel over 1 year ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset dfab37ac702f566250bcb4f9cec35da471dafad5.