Helmut Hummel
authored
Because of an information disclosure problem in the backend login we moved the session_start() in t3lib_userauth in a place which caused unwanted side effects with 3rd party extensions. Revert that change to avoid compatibility and performance problems and instead send no cache headers earlier in t3lib_userauth to also fix the information disclosure. Releases: 4.3, 4.4, 4.5, 4.6 Resolves: #29274 Related: #24456, #28694 Change-Id: I87226a21d9b1955773ceb3c377fa1b4c9938e6b2 Reviewed-on: http://review.typo3.org/5007 Reviewed-by: Christopher Hlubek Reviewed-by: Dmitry Dulepov Tested-by: Dmitry Dulepov Reviewed-by: Xavier Perseguers Reviewed-by: Jigal van Hemert Tested-by: Jigal van Hemert
| Name | Last commit | Last update |
|---|---|---|
| t3lib | ||
| tests | ||
| typo3 | ||
| .gitignore | ||
| .gitmodules | ||
| ChangeLog | ||
| GPL.txt | ||
| INSTALL.txt | ||
| LICENSE.txt | ||
| NEWS.txt | ||
| _.htaccess | ||
| index.php |