typo3/sysext/rsaauth/Resources/Public/JavaScript/RsaEncryptionModule.js · 2ffb2e7e2c3b3b022fffa91ec010b83d3f0e7bf6 · TYPO3 / TYPO3.CMS

[BUGFIX] Enforce RSA encryption for re-login modal · 2ffb2e7e

Helmut Hummel authored Aug 14, 2016

The RsaEncryption and the LoginRefresh module are loaded
independently by requireJS, which means they are loaded
asynchronous. This means that either one of those modules
is initialized first.

However the RsaEncryption module scans the DOM for form elements
and the LoginRefresh inserts a form. This means if the RsaEncryption
is initialized first, then the form created by LoginRefresh
will not be intercepted, leading to the (heisen-)bug described.

This change enforces the loading order by adding the RsaEncryption
as dependency to LoginRefresh and registering the form manually,
to make sure it will be intercepted and passwords
will transmitted encrypted.

Resolves: #75911
Releases: 7.6, master
Change-Id: Ib4aba70b3545f163a16a4eee62bed9e5a48b2fe7
Reviewed-on: https://review.typo3.org/49478


Tested-by: Bamboo TYPO3com <info@typo3.com>
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez <typo3@scripting-base.de>

2ffb2e7e