[TYPO3-core] RFC: #17383: Open forms cannot be saved after "Relogin" (Security Token errors)
Helmut Hummel
helmut.hummel at typo3.org
Mon Feb 21 13:07:17 CET 2011
Hi Steffen,
thanks for your review.
Steffen Kamper wrote:
> here a first review from reading
>
> JS
> ==
>
> * there is an extra comma at the end
I will remove that.
> * I don't like the frame definition with the window object. We have
> shortcuts
> top.list = content frame
> top.nav = navigation frame
OK. I didn't know that. Technically it's the same, but my version is
more "hardcoded", right?
> * the better check for (navigationFrame !== undefined) is
> if (Ext.isObject(navigationFrame))
Since everything in JS is an object, I can use isObject every time I
used '!== undefined', right?
I will provide an updated patch this evening.
> PHP
> ===
>
> isAuthorizedBackendSession
> should read
> isAuthorizedBackendUser
Hm, to me it's pretty much the same. I used "isAuthorizedBackendSession"
in the formprotection already.
If you insist, we should change that in the other places, too.
> Now testing: how to test, how to force token replace?
* Open list view (or edit a record)
* Delete the be_user cookie and wait for the password prompt
* Relogin and Submit the form or click on an action (like move record,
delete record)
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org