[TYPO3-core] RFC #10639: Integration of mass file uploader
Oliver Hader
oliver at typo3.org
Sun May 3 13:51:56 CEST 2009
Hi Benni,
Benjamin Mack schrieb:
> Hey Olly,
>
> On 17.04.2009 19:41 Uhr, Oliver Hader wrote:
>> some remarks (as already partly pointed out in this thread):
>> * the hashLockClause is not available when the user agent is "Flash" -
>> this means, that one could use this user agent to perform backend
>> actions without checking against the user agent that created the session
>> -> I'd like to see some kind of registry that allows to disable this
>> check for the actions only
> can you help me out here? I know the problem however I don't have a good
> solution at hand. thanks!
>
> Most of the other (big) issues have been fixed, UI has been updated as
> well. Once I have this session problem done, I'll submit a new patch.
Find the modified version of t3lib_userauth only attached. Now it checks
whether the user agent is "flash" and the request arrived via an
registered AJAX handler.
A really flexible solution would allow extensions to register themselves
- however this needs some more thinking. But for the mass file uploader
that way works pretty good and is enough.
olly
--
Oliver Hader
TYPO3 Release Manager 4.3
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0010639_v10_userauth.patch
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090503/1933ace6/attachment.txt
More information about the TYPO3-team-core
mailing list