[TYPO3-core] RFC: #17153: Protect C(R)UD actions against CSRF
Stefan Galinski
sgalinski at df.eu
Thu Jan 20 22:00:54 CET 2011
Helmut Hummel wrote:
> * extDirect router (This affects all Ext modules doing CRUD actions)
>
> Please test as much as you can, including the following:
Hi Helmut,
It seems that you better tested your code than me. ;-)
Attached is a follow-up fix for your patch, that fixes the missing security
token for forms and file uploads submitted by ExtJS. This can be tested with
the import extension feature of the EM.
--
Stefan Galinski
staatl. geprüfter Informatiktechniker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: extDirectUploadsAndForms.diff
Type: text/x-patch
Size: 1158 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110120/0743ef80/attachment-0001.bin>
More information about the TYPO3-team-core
mailing list