[TYPO3-team-templavoila] RFC: #17619: Ajax unlink functionality does not respect the formprotection in TYPO3 4.5
Helmut Hummel
helmut.hummel at typo3.org
Wed Feb 16 17:10:05 CET 2011
Hi,
This is an SVN patch request.
Type: Bugfix
Bugtracker references:
http://bugs.typo3.org/view.php?id=17619
Branches: trunk, 1.5
Problem:
Because of the formprotection that was introduced in TYPO3 4.5, clicking
delete on an unused element that has just been unlinked, fails with an
error message.
This is because the tokens, that are generated in the Ajax request are
not persisted.
Solution:
Add the persist call.
Note:
If TV should stay compatible with older TYPO3 versions, the call of
course has to be wrapped into a version check, because the
formprotection is not available in older TYPO3 versions.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tv-formprotection.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-templavoila/attachments/20110216/391c75ee/attachment.asc>
More information about the TYPO3-team-templavoila
mailing list