[!!!][SECURITY] Remove old wizard scripts
Keeping the old wizard script would not solve the CSRF attack vector as they could still be referenced in this kind of attack. Because of that, we remove them now. This change provides a backwards compatibility layer in FormsEngine which takes care of rewriting URLs which have been referenced in TCA. Also the priority is changed in code. This means that extension authors can reference both configurations to stay compatible with older TYPO3 versions. It will however break code which link to the old scripts directly in other places. Resolves: #56454 Releases: 6.2 Change-Id: I15f5d929f16fdd53a8b87cd32440a3d6ce59b6ed Reviewed-on: https://review.typo3.org/27956 Reviewed-by: Wouter Wolters Tested-by: Wouter Wolters Reviewed-by: Helmut Hummel Tested-by: Helmut Hummel
Showing
- typo3/sysext/backend/Classes/Form/FormEngine.php 35 additions, 10 deletionstypo3/sysext/backend/Classes/Form/FormEngine.php
- typo3/wizard_add.php 0 additions, 39 deletionstypo3/wizard_add.php
- typo3/wizard_colorpicker.php 0 additions, 42 deletionstypo3/wizard_colorpicker.php
- typo3/wizard_edit.php 0 additions, 37 deletionstypo3/wizard_edit.php
- typo3/wizard_forms.php 0 additions, 40 deletionstypo3/wizard_forms.php
- typo3/wizard_list.php 0 additions, 39 deletionstypo3/wizard_list.php
- typo3/wizard_rte.php 0 additions, 41 deletionstypo3/wizard_rte.php
- typo3/wizard_table.php 0 additions, 42 deletionstypo3/wizard_table.php
Please register or sign in to comment