[!!!][+FEATURE] Extbase (Security): Added a HMAC generator and checker to prevent...
author Sebastian Kurfürst <sebastian@typo3.org>
Mon, 12 Oct 2009 06:27:19 +0000 (06:27 +0000)
committer Sebastian Kurfürst <sebastian@typo3.org>
Mon, 12 Oct 2009 06:27:19 +0000 (06:27 +0000)
commit 5b29df95e1c6fd3b0d8e6a4489d6e3941d885c50
tree 1136394ff018f9cfefdeb462990828241824960c
parent c754efe724bb4ff5bbe7c59cce0e6def4541ecf3
[!!!][+FEATURE] Extbase (Security): Added a HMAC generator and checker to prevent unauthorized access on objects where no edit fields were generated for. It is mandatory in case objects are modified on the server side. See the issue for a more in-depth explanation. This feature does NOT break backwards-compatibility as long as you use only Fluid for form-generation. In case of custom fields, it WILL break backwards compatibility, and you might need the @dontverifyrequesthash annotation. Relates to #4960.
17 files changed:
typo3/sysext/extbase/Classes/Dispatcher.php
typo3/sysext/extbase/Classes/MVC/Controller/ActionController.php
typo3/sysext/extbase/Classes/MVC/Controller/Argument.php
typo3/sysext/extbase/Classes/MVC/Web/Request.php
typo3/sysext/extbase/Classes/MVC/Web/Routing/UriBuilder.php
typo3/sysext/extbase/Classes/Reflection/ObjectAccess.php
typo3/sysext/extbase/Classes/Security/Channel/RequestHashService.php [new file with mode: 0644]
typo3/sysext/extbase/Classes/Security/Cryptography/HashService.php [new file with mode: 0644]
typo3/sysext/extbase/Classes/Security/Exception.php [new file with mode: 0644]
typo3/sysext/extbase/Classes/Security/Exception/InvalidArgumentForHashGeneration.php [new file with mode: 0644]
typo3/sysext/extbase/Classes/Security/Exception/InvalidArgumentForRequestHashGeneration.php [new file with mode: 0644]
typo3/sysext/extbase/Classes/Security/Exception/SyntacticallyWrongRequestHash.php [new file with mode: 0644]
typo3/sysext/extbase/Tests/MVC/Controller/ActionController_testcase.php
typo3/sysext/extbase/Tests/MVC/Controller/Argument_testcase.php
typo3/sysext/extbase/Tests/MVC/Web/Routing/UriBuilder_testcase.php
typo3/sysext/extbase/Tests/Security/Channel/RequestHashService_testcase.php [new file with mode: 0644]
typo3/sysext/extbase/Tests/Security/Cryptography/HashService_testcase.php [new file with mode: 0644]
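
The protection named in the commit message, shown as an added sketch that is not code from this commit or from Extbase: the server signs the list of form fields it rendered and, on submit, rejects any request that carries a field outside that list. The function names, the payload layout (base64-encoded JSON plus HMAC-SHA256) and the key are assumptions made for illustration.

```php
<?php
// Added illustration, not Extbase code. Function names, payload layout and
// the key below are assumptions made for this sketch.

/** Flatten submitted data to field paths such as "post[title]". */
function fieldPaths(array $data, string $prefix = ''): array
{
    $paths = [];
    foreach ($data as $name => $value) {
        $path = $prefix === '' ? (string)$name : $prefix . '[' . $name . ']';
        if (is_array($value)) {
            $paths = array_merge($paths, fieldPaths($value, $path));
        } else {
            $paths[] = $path;
        }
    }
    return $paths;
}

/** At render time: sign the list of fields the form actually emitted. */
function generateRequestHash(array $renderedFields, string $key): string
{
    $renderedFields = array_values(array_unique($renderedFields));
    sort($renderedFields, SORT_STRING);
    $payload = base64_encode(json_encode($renderedFields));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

/** On submit: true only if the hash is authentic and covers every submitted field. */
function verifyRequest(array $submitted, string $requestHash, string $key): bool
{
    $parts = explode('.', $requestHash);
    if (count($parts) !== 2) {
        return false; // syntactically wrong request hash
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return false; // field list altered, or signed with a different key
    }
    $allowed = json_decode(base64_decode($payload, true) ?: '', true);
    return is_array($allowed) && array_diff(fieldPaths($submitted), $allowed) === [];
}

$key = 'constructed-demo-key'; // constructed value; a real key is a server-side secret
$hash = generateRequestHash(['post[title]', 'post[body]'], $key);
// First request submits only rendered fields; the second adds a property that had no field.
var_dump(verifyRequest(['post' => ['title' => 'Hi', 'body' => 'Text']], $hash, $key));
var_dump(verifyRequest(['post' => ['title' => 'Hi', 'isAdmin' => '1']], $hash, $key));
```

A form built with custom fields never registers them in the signed list, which is the backwards-compatibility break the commit message warns about.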