Fixed bug #12397: CSRF protection for clickmenu and old workspace module (Thanks...
authorSusanne Moog <typo3@susannemoog.de>
Thu, 20 Jan 2011 16:19:01 +0000 (16:19 +0000)
committerSusanne Moog <typo3@susannemoog.de>
Thu, 20 Jan 2011 16:19:01 +0000 (16:19 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/CoreProjects/workspaces/version/trunk@3901 743128fe-103e-dd11-99c4-001b210b3e58

typo3/sysext/version/ChangeLog
typo3/sysext/version/cm1/index.php
typo3/sysext/version/ws/index.php

index 87d68df..1b5eaa2 100644 (file)
@@ -1,3 +1,7 @@
+2011-01-20  Susanne Moog <typo3@susanne-moog.de>
+
+       * Fixed bug #12397: CSRF protection for clickmenu and old workspace module (Thanks to Helmut Hummel)
+
 2011-01-12  Oliver Hader  <oliver.hader@typo3.org>
 
        * Follow-up to bug #11832: Label of the anchor is empty
index 3113eb0..e359d13 100755 (executable)
@@ -534,7 +534,7 @@ class tx_version_cm1 extends t3lib_SCbase {
                        <input type="hidden" name="prErr" value="1" />
                        <input type="hidden" name="redirect" value="'.htmlspecialchars($this->REQUEST_URI).'" />
                        <input type="submit" name="_" value="' . $GLOBALS['LANG']->getLL('createNewVersion') . '" />
-
+                       ' . t3lib_TCEforms::getHiddenTokenField('tceAction') . '
                        </form>
 
                ';
@@ -1854,4 +1854,6 @@ $SOBE->init();
 $SOBE->main();
 $SOBE->printContent();
 
+t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection')->persistTokens();
+
 ?>
\ No newline at end of file
index 143eba6..f767aa7 100755 (executable)
@@ -1091,4 +1091,6 @@ $SOBE->init();
 $SOBE->main();
 $SOBE->printContent();
 
+t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection')->persistTokens();
+
 ?>
\ No newline at end of file