[TYPO3-core] Documenting new wizards registration API

Helmut Hummel helmut.hummel at typo3.org
Thu Feb 27 18:44:55 CET 2014

Hi Francois,

On 27.02.14 16:34, François Suter wrote:
> I'm looking at the recent change in wizards registration [1]. As far as
> I can see, it was applied only to edit wizard calls [2]. There are quite
> a few other wizards in the Core (add, colorbox, form, table, t3editor,
> slider, suggest). Are these also affected and should they be changed?

Yes. We're changing them as well. It is part of the Security Workpackage[1]

> Is it just the "popup" type?

Yes. The goal is that we reduce all "entry scripts" (scripts that run by 
calling the PHP file in the browser) and make them being dispatched 
through mod.php to benefit from the CSRF protection that has been built 
in now[2]

> What should I put in the documentation to explain which wizards are
> affected and which not.

All wizards in the core will use this way to be registered in TCA.
It should be documented, that if the wizards are used in own tables, or 
new wizards are created, the new way is highly recommended.

Kind regards,

Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 Core Developer, TYPO3 Security Team Member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

More information about the TYPO3-team-core mailing list