[Flow] Can't update abstract models anymore

Steffen Wickham steffen at gaming-inc.de
Thu May 2 16:03:38 CEST 2013


It's me again ;)

I had a look into the source of the FormViewHelper as I'm interested in
the further implementation of CSRF protection. There is a method which
adds the token to a hidden field. I think it is important to add this
behaviour to the Uri ViewHelper as well, as many people will use AJAX to
transfer data. Is it an acceptable way to add it to the Uri ViewHelper, or
should we take care of persistence manually? If it's acceptable, I'm
willing to develop this feature and supply a patch for it.

Greetings
Steffen



Am 02.05.13 15:36, schrieb Steffen Wickham:
> Hello Bastian,
>
> you're absolutely right. I forgot that this behaviour changed in the last
> commits. Shame on me and thank you very much for your answer!
>
> Please allow me to ask a further question: Is the csrf token used
> anymore and if yes, where is it used?
> For me it seems that no csrf token is used anymore. Is this normal
> behaviour for the 2.0 version or will it change till official release? I
> think it's an important security feature which has been removed indeed.
> Even for policy protected methods (e.g. new/edit methods) they are
> disabled right now.... :-/
>
> Best regards
> Steffen
>
>
>
> Am 02.05.13 14:37, schrieb Bastian Waidelich:
>> Steffen Wickham wrote:
>>
>> Hi Steffen,
>>
>>> I'd discovered some strange behaviour on Flow after the latest
>>> dev-master update [...]
>>> [...]surprisingly I can't update items
>>> through the Repository which is a mandatory feature. :,(
>> Are you trying to update the entity in a GET request?
>> In that case the issue could be related to
>> https://review.typo3.org/#/c/19989/
>>
>> Otherwise it might be one of the other recent breaking changes, see [2]
>>
>> HTH
>>
>> [1]
>> https://review.typo3.org/#/q/status:merged+project:FLOW3/Packages/TYPO3.FLOW3+branch:master+message:%22!!!%22,n,z
>>
>>