[FLOW3-general] Paginate Viewhelper
Thomas Plessis
t.plessis at totemnumerique.com
Tue Jun 26 11:44:43 CEST 2012
Oh, ok! Thx Bastian, really helpful!
Cheers,
Thomas Plessis
Développeur multimédia
--
TOTEMnumerique
9, Place St Étienne
31000 Toulouse
T. 05 61 14 64 54
F. 05 61 14 64 55
Le 26 juin 2012 à 11:06, Bastian Waidelich a écrit :
> Peter Russ wrote:
>
>>> Yes. the CSRF token is not appended for sub requests which is the case
>>> in plugins & widgets.
>>
>> Sorry for confusion: This thread is titled "Paginate Viewhelper" and not
>> "CSFR Protection". So I'm wondering wether the issue id is correct or
>> the title.
>
>
> No problem. This issue affects the pagination widget among others. So both is correct probably ;)
>
> By the way: This needs to be fixed, but this won't be an easy task. As a work around add
> @FLOW3\SkipCsrfProtection
> to the affected actions.
> Remember the CSRF token is there to prevent someone from sending you a link that submits/changes data on the server with your permission level. So usually that is only relevant for "writing" actions (and those shouldn't contain pagination).
>
> Best
>
>
> --
> Bastian Waidelich
> TYPO3 Core Team Member
>
> TYPO3 .... inspiring people to share!
> Get involved: typo3.org
>
>
> _______________________________________________
> FLOW3-general mailing list
> FLOW3-general at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
More information about the FLOW3-general
mailing list