[FEATURE] Add API to CSRF protect Ajax calls in Backend
This change adds API to register Ajax ids with their handler and to get an Ajax URL for a specific AjaxID. A token check is added to the ajax.php dispatcher script.

To stay backwards compatible, the token is only checked, if the AjaxId is registered not using the new API.

The new API will be used by TYPO3 core in consecutive changes.

Resolves: #56345
Documentation: #56347
Releases: 6.2
Change-Id: I188a9312b0f4239040e461ba09dc9c8f2b93a68b
Reviewed-on: https://review.typo3.org/27873
Reviewed-by: Wouter Wolters
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Changed files:
- NEWS.md: 13 additions, 0 deletions
- typo3/ajax.php: 28 additions, 4 deletions
- typo3/sysext/backend/Classes/Utility/BackendUtility.php: 29 additions, 6 deletions
- typo3/sysext/core/Classes/Utility/ExtensionManagementUtility.php: 14 additions, 2 deletions