[TYPO3-core] Documenting new wizards registration API
Helmut Hummel
helmut.hummel at typo3.org
Thu Feb 27 18:44:55 CET 2014
Hi Francois,
On 27.02.14 16:34, François Suter wrote:
> I'm looking at the recent change in wizards registration [1]. As far as
> I can see, it was applied only to edit wizard calls [2]. There are quite
> a few other wizards in the Core (add, colorbox, form, table, t3editor,
> slider, suggest). Are these also affected and should they be changed?
Yes. We're changing them as well. It is part of the Security Workpackage[1]
> Is it just the "popup" type?
Yes. The goal is that we reduce all "entry scripts" (scripts that run by
calling the PHP file in the browser) and make them being dispatched
through mod.php to benefit from the CSRF protection that has been built
in now[2]
> What should I put in the documentation to explain which wizards are
> affected and which not.
All wizards in the core will use this way to be registered in TCA.
It should be documented, that if the wizards are used in own tables, or
new wizards are created, the new way is highly recommended.
Kind regards,
Helmut
[1]http://forge.typo3.org/issues/55066
[2]http://forge.typo3.org/issues/55509
--
Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 Core Developer, TYPO3 Security Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-team-core
mailing list