[BUGFIX] Use POST for storing uc-related Storage in BE 63/51263/2
authorBenni Mack <benni@typo3.org>
Wed, 11 Jan 2017 01:14:08 +0000 (02:14 +0100)
committerWouter Wolters <typo3@wouterwolters.nl>
Wed, 11 Jan 2017 11:33:14 +0000 (12:33 +0100)
The AJAX call to store uc settings should be handled
as a POST request rather than a GET request, to ensure that
even long data can be stored on the server and does not
run into firewall/HTTP GET length restrictions.

Additionally a really bad typo did not allow any
POST requests in UserSettingsController as the key
evaluation was wrong.

Resolves: #79266
Releases: master, 7.6
Change-Id: I0fd10090416b1a16f6a9bdc6a07efceccf147336
Reviewed-on: https://review.typo3.org/51263
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/backend/Classes/Controller/UserSettingsController.php
typo3/sysext/backend/Resources/Public/JavaScript/Storage.js

index a577418..91aed30 100644 (file)
@@ -37,7 +37,7 @@ class UserSettingsController
     {
         // do the regular / main logic, depending on the action parameter
         $action = isset($request->getParsedBody()['action']) ? $request->getParsedBody()['action'] : $request->getQueryParams()['action'];
-        $key = isset($request->getParsedBody()['key']) ? $request->getParsedBody()['fileName'] : $request->getQueryParams()['key'];
+        $key = isset($request->getParsedBody()['key']) ? $request->getParsedBody()['key'] : $request->getQueryParams()['key'];
         $value = isset($request->getParsedBody()['value']) ? $request->getParsedBody()['value'] : $request->getQueryParams()['value'];
 
         $content = $this->process($action, $key, $value);
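Review bot: `action`, `key` and `value` still fall back to `getQueryParams()` on the lines around the fix, so the state-changing actions stay reachable over GET after the client moves to POST, and because each parameter is resolved on its own a single request can mix body and query values. If nothing else still calls this endpoint with GET (not visible here), read all three from one source, e.g. `$params = $request->getParsedBody() ?: $request->getQueryParams();`, or refuse the write actions unless the request method is POST. The fallback also indexes the query array unguarded, and the `unset` call in Storage.js sends no `value`, so that lookup hits a missing index on each such request; `$value = isset($params['value']) ? $params['value'] : null;` avoids it. The method's signature and the rest of its body are outside this hunk.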
index 61531c3..27339cd 100644 (file)
@@ -130,7 +130,7 @@ define(['jquery'], function ($) {
         * @returns {*}
         */
        Storage.Persistent.addToList = function(key, value) {
-               return $.ajax(TYPO3.settings.ajaxUrls['usersettings_process'], {data: {'action': 'addToList', key: key, value: value}}).done(function(data) {
+               return $.ajax(TYPO3.settings.ajaxUrls['usersettings_process'], {method: 'post', data: {'action': 'addToList', key: key, value: value}}).done(function(data) {
                        Storage.Persistent._data = data;
                });
        };
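Review bot: The same `$.ajax(...)` options are repeated in `addToList` here and in `removeFromList`, `unset` and `_storeOnServer` in the following hunks, which is why switching the method took four identical edits; a single private helper would keep URL, HTTP method and response handling in one place. That helper is also where the response could be checked before it replaces `Storage.Persistent._data`, since the `.done` callback currently assigns whatever the server returned (whether the endpoint can return anything other than the settings object is not visible here). The helper name below is only a suggestion.

```javascript
// New private helper: the one place that sets URL, method and response handling.
Storage.Persistent._post = function(data) {
	return $.ajax(TYPO3.settings.ajaxUrls['usersettings_process'], {method: 'post', data: data}).done(function(response) {
		Storage.Persistent._data = response;
	});
};

Storage.Persistent.addToList = function(key, value) {
	return Storage.Persistent._post({'action': 'addToList', key: key, value: value});
};
// … unchanged in shape: removeFromList, unset and _storeOnServer call _post the same way …
```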
@@ -142,7 +142,7 @@ define(['jquery'], function ($) {
         * @returns {*}
         */
        Storage.Persistent.removeFromList = function(key, value) {
-               return $.ajax(TYPO3.settings.ajaxUrls['usersettings_process'], {data: {'action': 'removeFromList', key: key, value: value}}).done(function(data) {
+               return $.ajax(TYPO3.settings.ajaxUrls['usersettings_process'], {method: 'post', data: {'action': 'removeFromList', key: key, value: value}}).done(function(data) {
                        Storage.Persistent._data = data;
                });
        };
@@ -153,7 +153,7 @@ define(['jquery'], function ($) {
         * @returns {*}
         */
        Storage.Persistent.unset = function(key) {
-               return $.ajax(TYPO3.settings.ajaxUrls['usersettings_process'], {data: {'action': 'unset', key: key}}).done(function(data) {
+               return $.ajax(TYPO3.settings.ajaxUrls['usersettings_process'], {method: 'post', data: {'action': 'unset', key: key}}).done(function(data) {
                        Storage.Persistent._data = data;
                });
        };
@@ -208,7 +208,7 @@ define(['jquery'], function ($) {
         * @private
         */
        Storage.Persistent._storeOnServer = function(key, value) {
-               return $.ajax(TYPO3.settings.ajaxUrls['usersettings_process'], {data: {'action': 'set', key: key, value: value}}).done(function(data) {
+               return $.ajax(TYPO3.settings.ajaxUrls['usersettings_process'], {method: 'post', data: {'action': 'set', key: key, value: value}}).done(function(data) {
                        Storage.Persistent._data = data;
                });
        };