[TASK] Remove redundant CSRF protection tokens and deprecate used methods 69/43069/3
author Helmut Hummel <helmut.hummel@typo3.org>
Sun, 6 Sep 2015 14:49:21 +0000 (16:49 +0200)
committer Markus Klein <markus.klein@typo3.org>
Mon, 7 Sep 2015 11:37:58 +0000 (13:37 +0200)
commit dfdfc9c91c524523ca1ae7f0738d48db02f3cc1c
tree 6cc1cabc2014a644bf137dde00f75d6f123d194c
parent b5a1d42c2b68996480a44af8e8e0f3266b00ea0c
[TASK] Remove redundant CSRF protection tokens and deprecate used methods

The CSRF tokens for edit document and tce actions were introduced
to protect these entry scripts. Since the entry scripts are removed now
and any entry point is protected with a CSRF token by default, we do not need
these additional tokens any more.

The helper methods can now also be deprecated and the check for the tokens
is removed in the controllers.

Please note that in the deprecated.php the tokens still must be checked, as
third party modules still might generate URLs to the old entry scripts and
we want to have this deprecated entry point still be protected.

Resolves: #69562
Releases: master
Change-Id: I9df443c7fcb4c7db4f7f682d3643b780480ed5de
Reviewed-on: http://review.typo3.org/43069
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
26 files changed:
typo3/sysext/backend/Classes/Backend/ToolbarItems/ClearCacheToolbarItem.php
typo3/sysext/backend/Classes/ClickMenu/ClickMenu.php
typo3/sysext/backend/Classes/Clipboard/Clipboard.php
typo3/sysext/backend/Classes/Controller/EditDocumentController.php
typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php
typo3/sysext/backend/Classes/Controller/File/EditFileController.php
typo3/sysext/backend/Classes/Controller/File/FileController.php
typo3/sysext/backend/Classes/Controller/File/FileUploadController.php
typo3/sysext/backend/Classes/Controller/File/RenameFileController.php
typo3/sysext/backend/Classes/Controller/File/ReplaceFileController.php
typo3/sysext/backend/Classes/Controller/PageLayoutController.php
typo3/sysext/backend/Classes/Controller/SimpleDataHandlerController.php
typo3/sysext/backend/Classes/Controller/Wizard/RteController.php
typo3/sysext/backend/Classes/Form/FormEngine.php
typo3/sysext/backend/Classes/Template/DocumentTemplate.php
typo3/sysext/backend/Classes/Tree/View/PageMovingPagePositionMap.php
typo3/sysext/backend/Classes/Tree/View/PagePositionMap.php
typo3/sysext/backend/Classes/Utility/BackendUtility.php
typo3/sysext/beuser/Classes/ViewHelpers/IssueCommandViewHelper.php
typo3/sysext/beuser/Classes/ViewHelpers/RemoveUserViewHelper.php
typo3/sysext/core/Classes/Database/QueryView.php
typo3/sysext/core/Documentation/Changelog/master/Deprecation-69562-DeprecateHelperMethodsForRedundantCSRFProtection.rst [new file with mode: 0644]
typo3/sysext/filelist/Classes/FileList.php
typo3/sysext/recordlist/Classes/Browser/ElementBrowser.php
typo3/sysext/sys_note/Classes/ViewHelpers/DeleteLinkViewHelper.php
typo3/sysext/version/Classes/Controller/VersionModuleController.php