Bug #58138
CSRF with registerModule and navFrameScript
| Status: | Resolved | Start date: | 2014-04-23 | |
|---|---|---|---|---|
| Priority: | Must have | Due date: | ||
| Assigned To: | Helmut Hummel | % Done: | 100% |
|
| Category: | - | Spent time: | - | |
| Target version: | - | |||
| TYPO3 Version: | 6.2 | Is Regression: | No | |
| PHP Version: | 5.4 | Sprint Focus: | ||
| Complexity: |
Description
How to use \TYPO3\CMS\Extbase\Utility\ExtensionUtility::registerModule with navFrameScript parameter?
It does not work, as the modules are loaded before the BE_USER, so BackendUtility::getModuleUrl does only retrieve a "dummyToken".
May you help me out?
Related issues
Associated revisions
[TASK] Add possibility to register a module as navigation
While implementing CSRF protection for backend modules,
it was forgotten to implement a solution for navigation components
that also could be modules.
Add this possibility now by introducing yet another
configuration option for modules.
Resolves: #58138
Documentation: #59369
Releases: 6.3, 6.2
Change-Id: I6655ad11cbf8a13c7d1182c9635cf2745183fb49
Reviewed-on: https://review.typo3.org/30593
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
[TASK] Add possibility to register a module as navigation
While implementing CSRF protection for backend modules,
it was forgotten to implement a solution for navigation components
that also could be modules.
Add this possibility now by introducing yet another
configuration option for modules.
Resolves: #58138
Documentation: #59369
Releases: 6.3, 6.2
Change-Id: I6655ad11cbf8a13c7d1182c9635cf2745183fb49
Reviewed-on: http://review.typo3.org/32676
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
History
#1 Updated by Helmut Hummel about 1 year ago
- Status changed from New to Needs Feedback
You want to have a custom navFrame, right? How does the URL to your navigation must look like? is it mod.php?M=<moduleName> ... ?
Can you also show me how you tried to register this navigation component?
Thanks
#2 Updated by Falk Aaron about 1 year ago
'navFrameScript' => BackendUtility::getModuleUrl('RolRkchannelRkchannel_RolRkchannelM3', array('tx_rolrkchannel_rolrkchannelrkchannel_rolrkchannelm3[action]'=> 'tree'))
Thats how i configure the navFrameScript. It's not working like that.
#3 Updated by Helmut Hummel about 1 year ago
- Status changed from Needs Feedback to Accepted
#4 Updated by Gerrit Code Review about 1 year ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30593
#5 Updated by Helmut Hummel about 1 year ago
Falk Aaron wrote:
'navFrameScript' => BackendUtility::getModuleUrl('RolRkchannelRkchannel_RolRkchannelM3', array('tx_rolrkchannel_rolrkchannelrkchannel_rolrkchannelm3[action]'=> 'tree'))
Thats how i configure the navFrameScript. It's not working like that.
Please check the patch in the review system.
Apply the patch and configure the navigation as follows:
'navigationFrameModule' name of the module that is loaded in the navigation frame
'navigationFrameModuleParamters' additional parameters (if needed and specified)
#6 Updated by Gerrit Code Review about 1 year ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30593
#7 Updated by Gerrit Code Review about 1 year ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30593
#8 Updated by Helmut Hummel about 1 year ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset f8b88c848b41da7f52d261d3f4479bd2f9b49435.
#9 Updated by Gerrit Code Review 11 months ago
- Status changed from Resolved to Under Review
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32676
#10 Updated by Helmut Hummel 11 months ago
- Status changed from Under Review to Resolved
Applied in changeset 3955abcef1fb3434e6555c134d411a7ff0a340ef.