[TYPO3-mvc] Upgrading an application from Extbase 1.3
Bastian Waidelich
bastian at typo3.org
Fri Apr 27 09:44:14 CEST 2012
Helmut Hummel wrote:
Hi Helmut & François,
>> [...] i.e. anyone sending a properly crafted request can
>> change any property of any object?
> Exactly that.
Just for completeness: This is true as long as one has access to an
updating action that accepts the target type.
In previous versions this was circumvented with an HMAC [1] that Fluid
creates transparently. Unfortunately the implementation had some
glitches, but I hope that we can get a similar mechanism back sometime soon.
In the meantime note that the new property mapper *is not active* by
default for exactly that reason!
@François The list of breaking changes [2] should help you to get your
extbase extensions updated. If you didn't access too many non-API
methods (see [3]) this should work pretty trouble-free. Let us know if
that's not the case.
[1] http://en.wikipedia.org/wiki/Hmac
[2] http://forge.typo3.org/projects/typo3v4-mvc/wiki/Breaking_Changes
[3] http://forge.typo3.org/projects/typo3v4-mvc/wiki/Public_API
Best,
--
Bastian Waidelich
TYPO3 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
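The following is an added example, not part of the original message and not Extbase or Fluid code. It sketches the general idea of protecting property mapping with an HMAC, under the assumption that the HMAC covers the list of property names the rendered form contained; `FORM_SECRET`, `signFieldList()` and `filterSubmittedProperties()` are hypothetical names.

```php
<?php
// Added illustration; all names are hypothetical, sample data is constructed.
const FORM_SECRET = 'constructed-demo-key'; // assumption: a server-side secret

/** While rendering the form: sign the list of property names it contains. */
function signFieldList(array $fieldNames): string
{
    sort($fieldNames); // canonical order so the MAC is stable
    $payload = json_encode($fieldNames);
    return base64_encode($payload) . '.' . hash_hmac('sha256', $payload, FORM_SECRET);
}

/** Before property mapping: accept only properties the signed form offered. */
function filterSubmittedProperties(array $submitted, string $token): array
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        throw new RuntimeException('Malformed field token');
    }
    $payload = base64_decode($parts[0], true);
    // hash_equals() compares in constant time; first argument is the known value.
    if ($payload === false
        || !hash_equals(hash_hmac('sha256', $payload, FORM_SECRET), $parts[1])) {
        throw new RuntimeException('Field token failed HMAC verification');
    }
    $allowed = json_decode($payload, true);
    if (!is_array($allowed)) {
        throw new RuntimeException('Field token payload is not a list');
    }
    $unexpected = array_diff(array_keys($submitted), $allowed);
    if ($unexpected !== []) {
        throw new RuntimeException('Unexpected properties: ' . implode(', ', $unexpected));
    }
    return $submitted;
}

// Constructed sample: the form rendered only "name" and "email".
$token = signFieldList(['name', 'email']);
var_dump(filterSubmittedProperties(['name' => 'Jane', 'email' => 'j@example.org'], $token));

try {
    // Constructed request carrying a property the form never contained.
    filterSubmittedProperties(['name' => 'Jane', 'isAdmin' => '1'], $token);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL; // rejected before any object is touched
}
```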