[FEATURE] Add API to CSRF protect Ajax calls in Backend 73/27873/8
authorHelmut Hummel <helmut.hummel@typo3.org>
Wed, 26 Feb 2014 14:47:15 +0000 (15:47 +0100)
committerHelmut Hummel <helmut.hummel@typo3.org>
Thu, 27 Feb 2014 20:04:00 +0000 (21:04 +0100)
commit2aa83d3965d322bcabc74cd2ac30b1a1de47b1ec
tree621a321cbb83890aa4e3cb49f919d532bbcf0969
parent45b092d38c8f6d4493c7152b0efcc2fde361515b
[FEATURE] Add API to CSRF protect Ajax calls in Backend

This change adds API to register Ajax ids with
their handler and to get an Ajax URL for
a specific AjaxID.

A token check is added to the ajax.php dispatcher
script. To stay backwards compatible, the token
is only checked, if the AjaxId is registered not
using the new API.

The new API will be used by TYPO3 core in
consecutive changes.

Resolves: #56345
Documentation: #56347
Releases: 6.2
Change-Id: I188a9312b0f4239040e461ba09dc9c8f2b93a68b
Reviewed-on: https://review.typo3.org/27873
Reviewed-by: Wouter Wolters
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
NEWS.md
typo3/ajax.php
typo3/sysext/backend/Classes/Utility/BackendUtility.php
typo3/sysext/core/Classes/Utility/ExtensionManagementUtility.php