[TYPO3-core] RFC: 17305: Login/ Logout was not possible after introducing the locking in #17289
Helmut Hummel
helmut.hummel at typo3.org
Tue Jan 25 17:57:01 CET 2011
This is an SVN patch request.
Type: Bugfix
Bugtracker references:
http://bugs.typo3.org/view.php?id=17305
Branches:
Trunk
Problem:
The backend form protection relies on the possibility to store the tokens
in the user session. This is not the case if a user did not yet log in
(the login screen). Since the login screen also uses the template object
and the persistToken calls were moved to this place, we need to decide
whether to validate and store tokens or not.
Solution:
Check if we have a valid BE_USER session and, if not, provide a dummy
object which implements the same interface.
Sidenote:
This also fixes #17183 partly by disabling the protection in frontend mode.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 17305.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110125/90b72bb0/attachment-0001.asc>
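
The approach described in the message above, sketched as an added example; it is not the attached patch and not TYPO3's own code. All names (FormProtection, SessionFormProtection, DisabledFormProtection, formProtectionFor) are hypothetical, and an ArrayObject stands in for the backend user session.

```php
<?php
declare(strict_types=1);

// Hypothetical interface shared by the real and the dummy implementation.
interface FormProtection {
    public function generateToken(string $formName): string;
    public function validateToken(string $token, string $formName): bool;
    public function persistTokens(): void;
}

// Used only when a valid backend session exists: tokens are kept in it.
final class SessionFormProtection implements FormProtection {
    private ArrayObject $session;
    private array $tokens; // token => form name

    public function __construct(ArrayObject $session) {
        $this->session = $session;
        $this->tokens = $session['formTokens'] ?? [];
    }
    public function generateToken(string $formName): string {
        $token = bin2hex(random_bytes(16));
        $this->tokens[$token] = $formName;
        return $token;
    }
    public function validateToken(string $token, string $formName): bool {
        $valid = ($this->tokens[$token] ?? null) === $formName;
        unset($this->tokens[$token]); // single use: a replayed token fails
        return $valid;
    }
    public function persistTokens(): void {
        $this->session['formTokens'] = $this->tokens;
    }
}

// Dummy with the same interface: stores nothing and accepts everything, so
// callers such as the login screen work without a session to write to.
final class DisabledFormProtection implements FormProtection {
    public function generateToken(string $formName): string { return 'dummyToken'; }
    public function validateToken(string $token, string $formName): bool { return true; }
    public function persistTokens(): void {}
}

// The choice depends only on server-side session state, never on request data,
// because the dummy performs no validation at all.
function formProtectionFor(?ArrayObject $backendSession): FormProtection {
    return $backendSession !== null
        ? new SessionFormProtection($backendSession)
        : new DisabledFormProtection();
}

formProtectionFor(null)->persistTokens();      // login screen: nothing to store, no error
$session = new ArrayObject();                  // constructed stand-in for a logged-in session
$first = formProtectionFor($session);
$token = $first->generateToken('editRecord');
$first->persistTokens();
var_dump(formProtectionFor($session)->validateToken($token, 'editRecord'));
```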