[SECURITY] Protect core Ajax calls against CSRF
The backend ajax handlers that are directly registered in DefaultConfiguration.php are now CSRF protected if necessary.

Resolves: #56356
Releases: 6.2
Change-Id: Ia592f7f2b51c20326600b97d2ce10a5e5fdbfde7
Reviewed-on: https://review.typo3.org/27877
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Showing
- typo3/js/tree.js 7 additions, 5 deletions
- typo3/sysext/backend/Classes/Controller/BackendController.php 12 additions, 1 deletion
- typo3/sysext/backend/Classes/Form/Element/InlineElement.php 1 addition, 0 deletions
- typo3/sysext/backend/Classes/Form/FormEngine.php 16 additions, 2 deletions
- typo3/sysext/backend/Classes/Template/DocumentTemplate.php 2 additions, 0 deletions
- typo3/sysext/backend/Classes/Toolbar/ShortcutToolbarItem.php 5 additions, 0 deletions
- typo3/sysext/backend/Resources/Public/JavaScript/DragUploader.js 2 additions, 3 deletions
- typo3/sysext/backend/Resources/Public/JavaScript/jsfunc.inline.js 2 additions, 2 deletions
- typo3/sysext/backend/Resources/Public/JavaScript/jsfunc.tceforms_suggest.js 2 additions, 2 deletions
- typo3/sysext/backend/Resources/Public/JavaScript/modulemenu.js 2 additions, 2 deletions
- typo3/sysext/backend/Resources/Public/JavaScript/shortcutmenu.js 9 additions, 11 deletions
- typo3/sysext/core/Configuration/DefaultConfiguration.php 95 additions, 23 deletions
- typo3/sysext/filelist/Classes/Controller/FileListController.php 1 addition, 0 deletions
- typo3/sysext/frontend/Classes/Controller/ExtDirectEidController.php 2 additions, 2 deletions
- typo3/sysext/recordlist/Classes/Browser/ElementBrowser.php 2 additions, 0 deletions
- typo3/sysext/rtehtmlarea/Classes/BrowseLinks.php 3 additions, 0 deletions
- typo3/sysext/rtehtmlarea/Classes/SelectImage.php 3 additions, 0 deletions