[!!!][SECURITY] Add CSRF protection to mod.php
Add a token check in mod.php and token generation to BackendUtility::getModuleUrl() Adapt code to use BackendUtility::getModuleUrl() in every place where links are hardcoded. Releases: 6.2 Resolves: #55509 Change-Id: I952c40fc1004a0a8d77c929927d37e1d93dcfef4 Reviewed-on: https://review.typo3.org/27636 Reviewed-by: Wouter Wolters Tested-by: Wouter Wolters Reviewed-by: Markus Klein Tested-by: Markus Klein Reviewed-by: Helmut Hummel Tested-by: Helmut Hummel
Showing
- typo3/mod.php 9 additions, 5 deletionstypo3/mod.php
- typo3/sysext/backend/Classes/Controller/BackendController.php 1 addition, 1 deletion...3/sysext/backend/Classes/Controller/BackendController.php
- typo3/sysext/backend/Classes/Module/ModuleLoader.php 3 additions, 2 deletionstypo3/sysext/backend/Classes/Module/ModuleLoader.php
- typo3/sysext/backend/Classes/Search/LiveSearch/LiveSearch.php 2 additions, 2 deletions...3/sysext/backend/Classes/Search/LiveSearch/LiveSearch.php
- typo3/sysext/backend/Classes/Utility/BackendUtility.php 8 additions, 5 deletionstypo3/sysext/backend/Classes/Utility/BackendUtility.php
- typo3/sysext/backend/Classes/View/ModuleMenuView.php 6 additions, 1 deletiontypo3/sysext/backend/Classes/View/ModuleMenuView.php
- typo3/sysext/backend/Resources/Public/JavaScript/notifications.js 30 additions, 20 deletions...sext/backend/Resources/Public/JavaScript/notifications.js
- typo3/sysext/beuser/Classes/Controller/BackendUserController.php 2 additions, 1 deletion...ysext/beuser/Classes/Controller/BackendUserController.php
- typo3/sysext/cshmanual/Classes/Controller/HelpModuleController.php 17 additions, 11 deletions...ext/cshmanual/Classes/Controller/HelpModuleController.php
- typo3/sysext/dbal/Classes/Controller/ModuleController.php 1 addition, 1 deletiontypo3/sysext/dbal/Classes/Controller/ModuleController.php
- typo3/sysext/extbase/Classes/Mvc/Web/Routing/UriBuilder.php 5 additions, 1 deletiontypo3/sysext/extbase/Classes/Mvc/Web/Routing/UriBuilder.php
- typo3/sysext/extbase/Classes/Utility/ExtensionUtility.php 0 additions, 1 deletiontypo3/sysext/extbase/Classes/Utility/ExtensionUtility.php
- typo3/sysext/extbase/Tests/Unit/Mvc/Web/Routing/UriBuilderTest.php 16 additions, 11 deletions...ext/extbase/Tests/Unit/Mvc/Web/Routing/UriBuilderTest.php
- typo3/sysext/impexp/Classes/Task/ImportExportTask.php 2 additions, 1 deletiontypo3/sysext/impexp/Classes/Task/ImportExportTask.php
- typo3/sysext/install/Classes/Report/InstallStatusReport.php 2 additions, 1 deletiontypo3/sysext/install/Classes/Report/InstallStatusReport.php
- typo3/sysext/openid/Classes/OpenidModuleSetup.php 4 additions, 3 deletionstypo3/sysext/openid/Classes/OpenidModuleSetup.php
- typo3/sysext/openid/ext_tables.php 4 additions, 2 deletionstypo3/sysext/openid/ext_tables.php
- typo3/sysext/openid/wizard/conf.php 1 addition, 1 deletiontypo3/sysext/openid/wizard/conf.php
- typo3/sysext/reports/Classes/Report/Status/SecurityStatus.php 3 additions, 2 deletions...3/sysext/reports/Classes/Report/Status/SecurityStatus.php
- typo3/sysext/sys_action/Classes/ActionTask.php 13 additions, 5 deletionstypo3/sysext/sys_action/Classes/ActionTask.php
Please register or sign in to comment