[BUGFIX] Do not log failed HMAC validation from forms
When a HMAC of a submitted form is invalid, TYPO3 throws a BadRequestException which is logged to sys_log and logfiles. Those invalid HMAC validation errors occur when the values of the hidden fields tx_extension[__trustedProperties] (extbase) or tx_form_formframework[form-id][__state] (ext:form) are manipulated. Since a TYPO3 site owner has no reasonable possibility to prevent tampered form submissions and in order to keep logs clean from errors due to illegal requests, the exceptions are now not logged any more. Resolves: #93667 Related: #90134 Releases: master, 10.4 Change-Id: Icc9b209b29c9624c03e6b4e6689b8242a02ef349 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68196 Tested-by:TYPO3com <noreply@typo3.com> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Josef Glatz <josefglatz@gmail.com> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Richard Haeser <richard@richardhaeser.com> Reviewed-by:
Mathias Brodala <mbrodala@pagemachine.de> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Please register or sign in to comment