[!!!][SECURITY] Add CSRF Protection for tce_file.php 91/27691/4
authorAlexander Schnitzler <alex.schnitzler@typovision.de>
Tue, 18 Feb 2014 13:37:57 +0000 (14:37 +0100)
committerHelmut Hummel <helmut.hummel@typo3.org>
Mon, 24 Feb 2014 13:30:39 +0000 (14:30 +0100)
commit75281c9c7193fb28464a409836d4c8f7a79af9b9
tree56d51c792020bc30a2577be99469d63e0dd94b59
parentb5d82de88205fc4801762019905072b5ea38725b
[!!!][SECURITY] Add CSRF Protection for tce_file.php

Add a token check in tce_file.php and token generation
everywhere forms for or links to tce_file.php are created.

Additionaly make sure, an instance of ExtendedFileUtility
is created in FileController on initialization to prevent
a fatal "Call to a member function on a non-object" error
in FileController::finish.

Releases: 6.2
Resolves: #55515
Change-Id: Ifd585661ac2cac6c88eaca5ad63b447d27e35395
Reviewed-on: https://review.typo3.org/27691
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
typo3/sysext/backend/Classes/ClickMenu/ClickMenu.php
typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php
typo3/sysext/backend/Classes/Controller/File/EditFileController.php
typo3/sysext/backend/Classes/Controller/File/FileController.php
typo3/sysext/backend/Classes/Controller/File/FileUploadController.php
typo3/sysext/backend/Classes/Controller/File/RenameFileController.php
typo3/sysext/filelist/Classes/FileList.php
typo3/sysext/recordlist/Classes/Browser/ElementBrowser.php
typo3/tce_file.php