[TYPO3-core] RFC: #17189: CSRF protection in Template module
Helmut Hummel
helmut.hummel at typo3.org
Fri Jan 21 22:55:43 CET 2011
On 21.01.11 17:25, Helmut Hummel wrote:
> Hi Georg,
>
> Am 21.01.2011 11:50, schrieb Georg Ringer:
>>
>> Problem:
>> The template module doesn't currently use the new CSRF protection
>
> Good Catch!
>
>> Solution:
>> CSRF protection for the constant editor, info module and object browser
>
> +1 by reading.
By having a closer look, I revoke my +1
> Now going to test...
It's incomplete. It does not break something, but needs to be improved.
I try to come up with a better solution.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-team-core
mailing list