[BUGFIX] Invalid CSRF token on viewing page using page-tree context menu 97/44297/2
authorOliver Hader <oliver@typo3.org>
Mon, 26 Oct 2015 15:33:20 +0000 (16:33 +0100)
committerWouter Wolters <typo3@wouterwolters.nl>
Thu, 29 Oct 2015 13:56:17 +0000 (14:56 +0100)
commit8974fd23e7e6b4f1747c6e2a0adc11f24e4c2092
tree5d5e8ce834fe5e68fe457148b858223513b8a336
parent3422685d30f50d2cda1325d4ad2b4e41db648f90
[BUGFIX] Invalid CSRF token on viewing page using page-tree context menu

Frontend previews triggered using the context menu of the page-tree are
causing an exception concerning an "invalid CSRF token". The reason for
this is that URL loaded in the context menu are delivered via ExtDirect
and thus are encoded for a JavaScript context. Ampersands are encoded
as well, using the unicode serialization in JSON ('\u0026').

This issue is solved by decoding the value again and thus resolve the
expected URL to be delivered as XHR result.

Resolves: #69021
Releases: master
Change-Id: I5836ae0f3d461f6e3a091c783b9fccd4412eaffb
Reviewed-on: https://review.typo3.org/44297
Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Tested-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/backend/Classes/Tree/Pagetree/ExtdirectTreeCommands.php