[TYPO3-v4] Announcing TYPO3 4.5rc2

Helmut Hummel helmut.hummel at typo3.org
Tue Jan 25 21:12:17 CET 2011


Hi,

On 25.01.2011 12:48, Kay Strobach wrote:

> with
> http://bugs.typo3.org/view.php?id=17247
> there is still a blocker in the bugrepository :(
>
> Perhaps the CRUD XSRF Protection should be scheduled until 4.6.
>
> I was not able to delete a typoscript template with the listmodule in
> rc2 :( and got
>
> 	Validating the security token of this form has failed. Please
> 	reload the form and submit it again.
>
> Opening the record and deleting it in the tce form worked well ;)
>
> Also some extensions using extdirect datastores don't work as expected :(

As mentioned in the bugtracker, the extdirect stuff should be fixable, 
but normal forms are not.

There are 2 options:

1. Reload the whole backend after refreshed login
2. Inject a new token for the Ext stuff.

Both have disadvantages:

1.
All changes I made before going to a 1h coffee break without saving are 
lost, after refreshing my login.

2.
I see my form with the changes I made before my login timed out, but I 
will not be able to save it, because the tokens that were generated 1h ago 
are invalid now.

To me option 1 seems cleaner than having a half working backend.

Kind regards,
Helmut

-- 
Helmut Hummel
TYPO3 Security Team Leader

TYPO3 .... inspiring people to share!
Get involved: typo3.org
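
The trade-off between the two options in the message above, as an added example that is not part of the original post and is not TYPO3 code. It assumes form tokens are an HMAC keyed with a per-login session secret; `Session`, `Form` and the form names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


class Session:
    """Constructed stand-in for a backend login session, not TYPO3 code."""

    def __init__(self):
        # Assumption: each login gets a fresh secret that keys all form tokens.
        self.secret = secrets.token_bytes(32)

    def token(self, form_id, action):
        msg = f"{form_id}\x00{action}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def valid(self, token, form_id, action):
        # Constant-time comparison against the token this session would issue.
        return hmac.compare_digest(self.token(form_id, action), token)


@dataclass
class Form:
    """A form as it sits in the browser: embedded token plus unsaved edits."""
    form_id: str
    action: str
    token: str
    unsaved: dict = field(default_factory=dict)


def render(session, form_id, action):
    return Form(form_id, action, session.token(form_id, action))


def submit(session, form):
    return session.valid(form.token, form.form_id, form.action)


def relogin_outcomes():
    old = Session()
    form = render(old, "edit_form", "update")  # hypothetical form name
    form.unsaved["title"] = "edited before the break"  # constructed sample edit
    before = submit(old, form)
    new = Session()  # login refreshed after the timeout
    # Option 2: a fresh token is injected for the Ext client only; the form
    # already in the browser keeps its edits but still carries the old token.
    ext_token = new.token("ext_store", "call")  # hypothetical name
    ext_ok = new.valid(ext_token, "ext_store", "call")
    option2 = (ext_ok, submit(new, form), bool(form.unsaved))
    # Option 1: the whole backend reloads, so the form is rendered again.
    reloaded = render(new, "edit_form", "update")
    option1 = (submit(new, reloaded), bool(reloaded.unsaved))
    return {"before": before, "option1": option1, "option2": option2}
```

`relogin_outcomes()` returns, per option, whether a submit validates and whether the unsaved edits are still in the form.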

