[BUGFIX] Abandon one time CSRF tokens
Abandon the extra security feature of having one time tokens and create tokens which are valid during a whole login session. Additionally create only one random token, store it in the session and create the real URL and form tokens by hashing the scope strings with the secret session token. To enable re-login, store the session token in the registry and retrieve it in case a re-login happens.

Thanks to Marion Eher (Bluechip.at) for sponsoring this fix with 75 beers during the bug auction at T3BOARD11.

Resolves: #25359
Change-Id: If37990fbc1ae3701777e8218cc1bc8760a4d6a55
Releases: 4.6, 4.5
Reviewed-on: http://review.typo3.org/1364
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Changed files:
- t3lib/class.t3lib_befunc.php (1 addition, 1 deletion)
- t3lib/class.t3lib_pagerenderer.php (1 addition, 1 deletion)
- t3lib/class.t3lib_tceforms.php (1 addition, 1 deletion)
- t3lib/formprotection/class.t3lib_formprotection_abstract.php (50 additions, 139 deletions)
- t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php (71 additions, 119 deletions)
- t3lib/formprotection/class.t3lib_formprotection_disabledformprotection.php (2 additions, 2 deletions)
- t3lib/formprotection/class.t3lib_formprotection_factory.php (10 additions, 11 deletions)
- t3lib/formprotection/class.t3lib_formprotection_installtoolformprotection.php (11 additions, 34 deletions)
- tests/t3lib/formprotection/class.t3lib_formprotection_AbstractTest.php (13 additions, 129 deletions)
- tests/t3lib/formprotection/class.t3lib_formprotection_BackendFormProtectionTest.php (25 additions, 61 deletions)
- tests/t3lib/formprotection/class.t3lib_formprotection_InstallToolFormProtectionTest.php (16 additions, 31 deletions)
- tests/t3lib/formprotection/fixtures/class.t3lib_formprotection_testing.php (4 additions, 34 deletions)
- typo3/alt_clickmenu.php (0 additions, 1 deletion)
- typo3/classes/class.ajaxlogin.php (4 additions, 42 deletions)
- typo3/classes/class.clearcachemenu.php (0 additions, 2 deletions)
- typo3/index.php (4 additions, 4 deletions)
- typo3/js/clearcachemenu.js (0 additions, 4 deletions)
- typo3/js/loginrefresh.js (0 additions, 92 deletions)
- typo3/logout.php (2 additions, 1 deletion)
- typo3/sysext/install/mod/class.tx_install.php (0 additions, 2 deletions)
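
The scheme the commit message describes (one secret per login session, per-form tokens derived by hashing the scope strings with it), as an added sketch that is not code from this commit or from TYPO3. The class, method and array-key names, the scope values and the choice of HMAC-SHA256 as the hash are assumptions; a plain array stands in for the session and for the registry copy used on re-login.

```php
<?php
// Added illustration; class, method and key names are hypothetical, not TYPO3's API.
final class SessionFormProtection
{
    private array $session;

    public function __construct(array &$session)
    {
        $this->session = &$session; // stand-in for the server-side session store
        // One random secret per login session; it never leaves the server.
        if (!isset($this->session['formProtectionSecret'])) {
            $this->session['formProtectionSecret'] = bin2hex(random_bytes(32));
        }
    }

    // Derive the token for a scope from the session secret (HMAC is an assumption).
    public function generateToken(string ...$scope): string
    {
        $message = '';
        foreach ($scope as $part) {
            // Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
            $message .= strlen($part) . ':' . $part;
        }
        return hash_hmac('sha256', $message, $this->session['formProtectionSecret']);
    }

    // Recompute and compare in constant time; nothing is consumed on success.
    public function validateToken(string $token, string ...$scope): bool
    {
        return hash_equals($this->generateToken(...$scope), $token);
    }
}

// Constructed demo values.
$scope = ['tceAction', 'delete', 'pages:42'];
$session = [];
$token = (new SessionFormProtection($session))->generateToken(...$scope);
$restored = ['formProtectionSecret' => $session['formProtectionSecret']]; // secret kept for re-login
$fresh = []; // new login session, new secret
$cases = [
    'same scope, first submit' => (new SessionFormProtection($session))->validateToken($token, ...$scope),
    'same scope, second submit' => (new SessionFormProtection($session))->validateToken($token, ...$scope),
    'different scope' => (new SessionFormProtection($session))->validateToken($token, 'tceAction', 'edit', 'pages:42'),
    'after re-login with restored secret' => (new SessionFormProtection($restored))->validateToken($token, ...$scope),
    'fresh session' => (new SessionFormProtection($fresh))->validateToken($token, ...$scope),
];
foreach ($cases as $label => $accepted) {
    echo $label, ': ', $accepted ? 'accepted' : 'rejected', PHP_EOL;
}
```

Because validation only recomputes the hash, a token stays usable for as long as the session secret exists, so the secret has to be discarded at logout and treated with the same confidentiality as the session itself.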