[!!!][SECURITY] Remove old wizard scripts 56/27956/7
authorHelmut Hummel <helmut.hummel@typo3.org>
Fri, 28 Feb 2014 20:38:52 +0000 (21:38 +0100)
committerHelmut Hummel <helmut.hummel@typo3.org>
Sat, 1 Mar 2014 22:29:15 +0000 (23:29 +0100)
commitdfab37ac702f566250bcb4f9cec35da471dafad5
tree577ace96831e2f1346e8e3775985f59da804d907
parent3d4de84e357e497b1dc98dba9d91c8b30a43eb87
[!!!][SECURITY] Remove old wizard scripts

Keeping the old wizard script would not solve
the CSRF attack vector as they could still
be referenced in this kind of attack.

Because of that, we remove them now.

This change provides a backwards compatibility
layer in FormsEngine which takes care of rewriting
URLs which have been referenced in TCA.

Also the priority is changed in code. This means
that extension authors can reference both
configurations to stay compatible with older
TYPO3 versions.

It will however break code which link to the
old scripts directly in other places.

Resolves: #56454
Releases: 6.2
Change-Id: I15f5d929f16fdd53a8b87cd32440a3d6ce59b6ed
Reviewed-on: https://review.typo3.org/27956
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
typo3/sysext/backend/Classes/Form/FormEngine.php
typo3/wizard_add.php [deleted file]
typo3/wizard_colorpicker.php [deleted file]
typo3/wizard_edit.php [deleted file]
typo3/wizard_forms.php [deleted file]
typo3/wizard_list.php [deleted file]
typo3/wizard_rte.php [deleted file]
typo3/wizard_table.php [deleted file]