[TYPO3-core] RFC: #16439: Use the form protection API to implement a CSRF protection (1)
Ernesto Baschny [cron IT]
ernst at cron-it.de
Thu Nov 18 04:08:21 CET 2010
Ernesto Baschny [cron IT] schrieb am 18.11.2010 04:06:
> Hi,
>
> attached patch was committed to trunk, because else the intro package
> wouldn't work on the last step: It makes an instance of a be_user to use
> $tce to clear cache, and since there is no BE_SESSION the logoff()
> routine drops in. This then throws the exception because of the new form
> protection that does not expect this. So check if there is a BE_SESSION
> before killing the form protection.
rev. 9484
More information about the TYPO3-team-core
mailing list