[BUGFIX] Throw BadRequestException on failed hmac validation from forms

If a HMAC of a submitted form is invalid (because it has been tampered with), TYPO3 would previously throw an exception that leads to a status code 500. This is incorrect behaviour, as the error comes from bad user input and not a server error.

In case the HMAC of a submitted form is invalid, both extbase and ext:form will now throw a BadRequestException, which will then lead to a status code 400 (BAD REQUEST).

Resolves: #90134
Releases: master, 9.5
Change-Id: If4dad7ba27190b5992bab68b4ce64a423c0db645
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63272
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Alexander Schnitzler <git@alexanderschnitzler.de>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Alexander Schnitzler <git@alexanderschnitzler.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

Showing
- typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php (10 additions, 1 deletion)
- typo3/sysext/extbase/Tests/Unit/Mvc/Controller/MvcPropertyMappingConfigurationServiceTest.php (19 additions, 0 deletions)
- typo3/sysext/form/Classes/Domain/Runtime/FormRuntime.php (9 additions, 1 deletion)
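
The behaviour this commit describes, as an added example that is not TYPO3's code and not taken from the changed files: a failed HMAC check on submitted form state raises a dedicated client-error exception that the request handler maps to 400, while unexpected failures still map to 500. The class, function and constant names and the sample payload are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in class, not TYPO3's own BadRequestException.
final class BadRequestException extends \RuntimeException {}

const HMAC_HEX_LENGTH = 64; // hex length of an HMAC-SHA256 digest

function appendHmac(string $payload, string $key): string
{
    return $payload . hash_hmac('sha256', $payload, $key);
}

function validateAndStripHmac(string $signed, string $key): string
{
    // Too short to hold a payload plus digest: bad input, not a server fault.
    if (strlen($signed) <= HMAC_HEX_LENGTH) {
        throw new BadRequestException('Signed form state is malformed.');
    }
    $payload = substr($signed, 0, -HMAC_HEX_LENGTH);
    $given = substr($signed, -HMAC_HEX_LENGTH);
    // hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $given)) {
        throw new BadRequestException('Signed form state failed HMAC validation.');
    }
    return $payload;
}

function handleSubmission(string $signed, string $key): array
{
    try {
        return [200, 'accepted: ' . validateAndStripHmac($signed, $key)];
    } catch (BadRequestException $e) {
        // Tampered or malformed client input is answered with 400.
        return [400, 'Bad Request'];
    } catch (\Throwable $e) {
        // Anything else is a genuine server-side failure.
        return [500, 'Internal Server Error'];
    }
}

// Constructed sample data: a valid submission, a tampered one, a truncated one.
$key = 'constructed-demo-key';
$signed = appendHmac('{"trustedProperties":["name","email"]}', $key);
$tampered = str_replace('email', 'admin', $signed);

foreach ([$signed, $tampered, 'short'] as $input) {
    [$status, $body] = handleSubmission($input, $key);
    echo $status, ' ', $body, PHP_EOL;
}
```

Keeping tampered submissions out of the 500 class also keeps server-error alerting meaningful, since invalid form state then shows up in 4xx metrics instead.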