[TASK] Remove redundant CSRF protection tokens and deprecate used methods (dfdfc9c9) · Commits · TYPO3 / TYPO3.CMS

Commit dfdfc9c9 authored 9 years ago by

Helmut Hummel Committed by Markus Klein 9 years ago

[TASK] Remove redundant CSRF protection tokens and deprecate used methods

The CSRF tokens for edit document and tce actions were introduced,
to protect these entry scripts. Since the entry scripts are removed now
and any entry point is protected with a CSRF token by default, we do not need
these additional tokens any more.

The helper methods can now also be deprecated and the check for the tokens
is removed in the controllers.

Please note that in the deprecated.php the tokens still must be checked, as
third party modules still might generate URLs to the old entry scripts and
we want to have this deprecated entry point still be protected.

Resolves: #69562
Releases: master
Change-Id: I9df443c7fcb4c7db4f7f682d3643b780480ed5de
Reviewed-on: http://review.typo3.org/43069


Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>

parent b5a1d42c

Hide whitespace changes

Inline Side-by-side

Showing with 32 additions and 45 deletions

Please register or to comment