[+BUGFIX] Extbase (MVC): re-enabled HMAC check for BE forms. The deactivation was...
authorBastian Waidelich <bastian@typo3.org>
Tue, 30 Nov 2010 11:31:40 +0000 (11:31 +0000)
committerBastian Waidelich <bastian@typo3.org>
Tue, 30 Nov 2010 11:31:40 +0000 (11:31 +0000)
typo3/sysext/extbase/Classes/MVC/Web/BackendRequestHandler.php

index 7faf5ac..29ca2b3 100644 (file)
@@ -38,7 +38,11 @@ class Tx_Extbase_MVC_Web_BackendRequestHandler extends Tx_Extbase_MVC_Web_Abstra
         */
        public function handleRequest() {
                $request = $this->requestBuilder->build();
-               $request->setHmacVerified(TRUE);
+
+                       // Request hash service
+               $requestHashService = $this->objectManager->get('Tx_Extbase_Security_Channel_RequestHashService'); // singleton
+               $requestHashService->verifyRequest($request);
+
                $response = $this->objectManager->create('Tx_Extbase_MVC_Web_Response');
 
                $this->dispatcher->dispatch($request, $response);