Skip to content
Snippets Groups Projects
Select Git revision
  • 12.4
  • main default
  • 11.5
  • 13.3
  • l10n_main
  • 13.1
  • 13.0
  • l10n_12.4
  • 10.4
  • 12.1
  • 9.5
  • 11.3
  • master
  • 11.1
  • TYPO3_8-7
  • 10.2
  • 9.3
  • 9.2
  • TYPO3_7-6
  • TYPO3_7-0
  • v13.3.1
  • v12.4.21
  • v11.5.40
  • v13.3.0
  • v12.4.20
  • v12.4.19
  • v12.4.18
  • v11.5.39
  • v12.4.17
  • v13.2.1
  • v13.2.0
  • v12.4.16
  • v11.5.38
  • v13.1.1
  • v12.4.15
  • v11.5.37
  • v13.1.0
  • v12.4.14
  • v12.4.13
  • v12.4.12
40 results
Compare History
user avatar
[BUGFIX] Throw BadRequestException on failed hmac validation from forms
Christian Eßl authored 
If a HMAC of a submitted form is invalid (because it has been tampered
with), TYPO3 would previously throw an exception that leads to a
status code 500. This is incorrect behaviour, as the error comes from
bad user input and not a server error.

In case the HMAC of a submitted form is invalid, both extbase and
ext:form will now throw a BadRequestException, which will then lead to
a status code 400 (BAD REQUEST).

Resolves: #90134
Releases: master, 9.5
Change-Id: If4dad7ba27190b5992bab68b4ce64a423c0db645
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63272


Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: default avatarMarkus Klein <markus.klein@typo3.org>
Tested-by: default avatarAlexander Schnitzler <git@alexanderschnitzler.de>
Tested-by: default avatarGeorg Ringer <georg.ringer@gmail.com>
Reviewed-by: default avatarMarkus Klein <markus.klein@typo3.org>
Reviewed-by: default avatarDaniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: default avatarAlexander Schnitzler <git@alexanderschnitzler.de>
Reviewed-by: default avatarGeorg Ringer <georg.ringer@gmail.com>
f553d918