[TYPO3-core] RFC: #16439: Use the form protection API to implement a CSRF protection (1)
Helmut Hummel
helmut at typo3.org
Wed Nov 17 11:06:53 CET 2010
Hi,
On 17.11.10 10:43, François Suter wrote:
>
>> Until the next beta releases I want to convert all backend modules to
>> use the dispatcher, so that the some of the initialisation and token
>> persisting can be done in a central place.
>
> Note that there's already a pending patch by Steffen Kamper for this.
Actually, it was my patch :)
> However it got stuck with db_list, which required some special handling
> and the RFC about that particular problem got bogged down in
> discussions.
The discussion was only about where the linking method belongs to.
Should be a minor thing. I will come up with a solution for this.
> However I would support progress on this topic for beta2,
> as changing all BE modules to use the dispatcher mechanism also reduces
> the inclusions of typo3/init.php, thus reducing the risks of
> interferences when changing something in that script.
Yepp. Thanks for your support.
Regards Helmut
More information about the TYPO3-team-core
mailing list