[TYPO3-team-templavoila] RFC: #17619: Ajax unlink functionality does not respect the formprotection in TYPO3 4.5
Helmut Hummel
helmut.hummel at typo3.org
Sat Jul 2 14:32:08 CEST 2011
Hi Tolleiv,
On 01.07.11 16:02, Tolleiv Nietsch wrote:
> Am 28.06.2011 11:58, schrieb Helmut Hummel:
>>
>> Could you just remove the lines again in the next TV version? Thanks.
>>
>
> Uhm so we take it out in 4.5.3 only but it's back in 4.5.4 ?
A dummy method will be back in 4.5.4, but calling it does nothing but
logging to the deprecation log. So you can safely remove this call from
TV, it is not needed any more for the CSRF protection to work correctly.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-team-templavoila
mailing list