[TYPO3-dev] Banned when redirecting to a form in the back-end

Diego dpino at igalia.com
Mon Jun 27 12:31:22 CEST 2011


Hello,

I'm having an issue with redirecting from a form in the BE to another
form. I'm developing an extension that eases the process of translating
contents, any type of content (this extension is called gl_transstat,
and it's already published in the TER although at this moment is a bit
broken). The extension lists all the elements in that page and provides
link to translate those contents to the languages available in the
system (English, German, Spanish, etc).

So, basically what I do is to compose for each element the same link
that would enable me to localize a content in the 'List' view.

In the example below, I using the extension to translate elements of
type: tt_commerce_manufacturers (from the tt_commerce extension). In the
list view, the link to localize a tt_commerce_manufacturer to a target
language would be:

http://localhost/<website>/typo3/tce_db.php?&cmd[tx_commerce_manufacturer][386][localize]=7&redirect=mod.php%3F%26M%3Dweb_list%26id%3D74%26justLocalized%3Dtx_commerce_manufacturer%253A386%253A7&vC=175e66cfc0&formToken=080e9aafae0f54e8b3f21c4e05a4105d6394c70c&prErr=1&uPT=1

An this is the link generated from my extension:

typo3/tce_db.php?&cmd[pages_language_overlay][386][localize]=7&redirect=mod.php%3F%26M%3Dweb_list%26id%3D0%26justLocalized%3Dpages_language_overlay%253A386%253A7&vC=1&prErr=1&uPT=1&formToken=1b29258a75ebd81456a93b24938b49aad2c9dace

This how I generated vC and formToken:

$formToken = t3lib_formprotection_Factory::get()
   ->generateToken('tx_commerce_manufacturer', 'edit', $uid);
$veriCode = $GLOBALS['BE_USER']->veriCode();

So, in conclusion, I compose the same link in my extension. When
clicking that link from the extension, it redirects to the form for
localizing that element, however, as soon as the page is loaded, it
seems I'm forbidding to access that page and I immediately redirect to
the root page of the page tree. Interestingly, If I copy that very same
link and open it directly in a new tab, it works.

I traced the code and even monitored the http headers with wireshark,
and the only thing I could see different was the 'Referer'. So I was
wondering if this redirection has to do with any security mechanism
implemented in the system I'm not aware of. Thinking it may have to do
with the referer I set TYPO_CONF_VARS['sys']['doNotCheckReferer'] = 1,
but got the same result.

I don't know what else to try. Any hints will be highly appreciated, thanks!

Regards,

Diego




More information about the TYPO3-dev mailing list