[TYPO3-v4] Announcing TYPO3 4.5rc2
Helmut Hummel
helmut.hummel at typo3.org
Tue Jan 25 21:12:17 CET 2011
Hi,
Am 25.01.2011 12:48, schrieb Kay Strobach:
> with
> http://bugs.typo3.org/view.php?id=17247
> there is still a blocker in the bugrepository :(
>
> Perhaps the CRUD XSRF Protection should be scheduled until 4.6.
>
> I was not able to deleted a typoscript template with the listmodule in
> rc2 :( and got
>
> Validating the security token of this form has failed. Please
> reload the form and submit it again.
>
> Opening the record and deleting it in the tce form worked well ;)
>
> Also some extensions using extdirect datastores don't work as expected :(
As mentioned in the bugtracker, the extdirect stuff should be fixable,
but normal forms are not.
There are 2 options:
1. Reload the whole backend after refreshed login
2. Inject a new token for the Ext stuff.
Both have disadvantages:
1.
All changes I made before going to a 1h coffe break without saving are
lost, after refreshing my login.
2.
I see my form with the changes I made before my login timed out, but I
will not be able to save it, because the tokes that were generate 1h ago
are invalid now.
To me option 1 seems cleaner than having a half working backend.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-project-v4
mailing list