Commit dfdfc9c9 authored by Helmut Hummel's avatar Helmut Hummel Committed by Markus Klein

[TASK] Remove redundant CSRF protection tokens and deprecate used methods

The CSRF tokens for edit document and tce actions were introduced,
to protect these entry scripts. Since the entry scripts are removed now
and any entry point is protected with a CSRF token by default, we do not need
these additional tokens any more.

The helper methods can now also be deprecated and the check for the tokens
is removed in the controllers.

Please note that deprecated.php must still check the tokens, as
third-party modules might still generate URLs to the old entry scripts and
we want this deprecated entry point to remain protected.

Resolves: #69562
Releases: master
Change-Id: I9df443c7fcb4c7db4f7f682d3643b780480ed5de
Reviewed-on: http://review.typo3.org/43069

Reviewed-by: Wouter Wolters's avatarWouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters's avatarWouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
parent b5a1d42c
......@@ -56,7 +56,7 @@ class ClearCacheToolbarItem implements ToolbarItemInterface {
'id' => 'pages',
'title' => $languageService->sL('LLL:EXT:lang/locallang_core.xlf:flushPageCachesTitle', TRUE),
'description' => $languageService->sL('LLL:EXT:lang/locallang_core.xlf:flushPageCachesDescription', TRUE),
'href' => BackendUtility::getModuleUrl('tce_db', ['vC' => $backendUser->veriCode(), 'cacheCmd' => 'pages', 'ajaxCall' => 1]) . BackendUtility::getUrlToken('tceAction'),
'href' => BackendUtility::getModuleUrl('tce_db', ['vC' => $backendUser->veriCode(), 'cacheCmd' => 'pages', 'ajaxCall' => 1]),
'icon' => $iconFactory->getIcon('actions-system-cache-clear-impact-low', Icon::SIZE_SMALL)
);
$this->optionValues[] = 'pages';
......@@ -68,7 +68,7 @@ class ClearCacheToolbarItem implements ToolbarItemInterface {
'id' => 'all',
'title' => $languageService->sL('LLL:EXT:lang/locallang_core.xlf:flushGeneralCachesTitle', TRUE),
'description' => $languageService->sL('LLL:EXT:lang/locallang_core.xlf:flushGeneralCachesDescription', TRUE),
'href' => BackendUtility::getModuleUrl('tce_db', ['vC' => $backendUser->veriCode(), 'cacheCmd' => 'all', 'ajaxCall' => 1]) . BackendUtility::getUrlToken('tceAction'),
'href' => BackendUtility::getModuleUrl('tce_db', ['vC' => $backendUser->veriCode(), 'cacheCmd' => 'all', 'ajaxCall' => 1]),
'icon' => $iconFactory->getIcon('actions-system-cache-clear-impact-medium', Icon::SIZE_SMALL)
);
$this->optionValues[] = 'all';
......@@ -84,7 +84,7 @@ class ClearCacheToolbarItem implements ToolbarItemInterface {
'id' => 'system',
'title' => $languageService->sL('LLL:EXT:lang/locallang_core.xlf:flushSystemCachesTitle', TRUE),
'description' => $languageService->sL('LLL:EXT:lang/locallang_core.xlf:flushSystemCachesDescription', TRUE),
'href' => BackendUtility::getModuleUrl('tce_db', ['vC' => $backendUser->veriCode(), 'cacheCmd' => 'system', 'ajaxCall' => 1]) . BackendUtility::getUrlToken('tceAction'),
'href' => BackendUtility::getModuleUrl('tce_db', ['vC' => $backendUser->veriCode(), 'cacheCmd' => 'system', 'ajaxCall' => 1]),
'icon' => $iconFactory->getIcon('actions-system-cache-clear-impact-high', Icon::SIZE_SMALL)
);
$this->optionValues[] = 'system';
......
......@@ -748,7 +748,7 @@ class ClickMenu {
GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('tce_db') . '&redirect=') . '+top.rawurlencode(' .
$this->frameLocation($loc . '.document') . '.pathname+' . $this->frameLocation(($loc . '.document')) . '.search)+' .
GeneralUtility::quoteJSvalue(
'&cmd[' . $table . '][' . $uid . '][delete]=1&prErr=1&vC=' . $this->backendUser->veriCode() . BackendUtility::getUrlToken('tceAction')
'&cmd[' . $table . '][' . $uid . '][delete]=1&prErr=1&vC=' . $this->backendUser->veriCode()
) . ';};';
if ($table === 'pages') {
$editOnClick .= 'top.nav.refresh.defer(500, top.nav);';
......@@ -825,7 +825,7 @@ class ClickMenu {
GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('tce_db') . '&redirect=') . '+top.rawurlencode(' .
$this->frameLocation($loc . '.document') . '.pathname+' . $this->frameLocation(($loc . '.document')) . '.search)+' .
GeneralUtility::quoteJSvalue(
'&data[' . $table . '][' . $uid . '][' . $flagField . ']=' . ($rec[$flagField] ? 0 : 1) . '&prErr=1&vC=' . $this->backendUser->veriCode() . BackendUtility::getUrlToken('tceAction')
'&data[' . $table . '][' . $uid . '][' . $flagField . ']=' . ($rec[$flagField] ? 0 : 1) . '&prErr=1&vC=' . $this->backendUser->veriCode()
) . ';};';
if ($table === 'pages') {
$editOnClick .= 'top.nav.refresh.defer(500, top.nav);';
......@@ -1050,7 +1050,7 @@ class ClickMenu {
GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('tce_file') . '&redirect=') . '+top.rawurlencode(' .
$this->frameLocation(($loc . '.document')) . '.pathname+' . $this->frameLocation(($loc . '.document')) . '.search)+' .
GeneralUtility::quoteJSvalue(
'&file[delete][0][data]=' . rawurlencode($path) . '&vC=' . $this->backendUser->veriCode() . BackendUtility::getUrlToken('tceAction')
'&file[delete][0][data]=' . rawurlencode($path) . '&vC=' . $this->backendUser->veriCode()
) . ';};';
return $this->linkItem($this->label('delete'), $this->iconFactory->getIcon('actions-edit-delete', Icon::SIZE_SMALL), $editOnClick . 'return false;');
}
......@@ -1155,7 +1155,7 @@ class ClickMenu {
$this->frameLocation(($loc . '.document')) . '.pathname+' . $this->frameLocation(($loc . '.document')) . '.search)+' .
GeneralUtility::quoteJSvalue(
'&cmd[pages][' . $srcUid . '][' . $action . ']=' . $negativeSign . $dstUid . '&prErr=1&vC=' .
$this->backendUser->veriCode() . BackendUtility::getUrlToken('tceAction')
$this->backendUser->veriCode()
) . ';};top.nav.refresh();';
return $this->linkItem($this->label($action . 'Page_' . $into), IconUtility::getSpriteIcon('actions-document-paste-' . $into), $editOnClick . 'return false;', 0);
}
......@@ -1176,7 +1176,7 @@ class ClickMenu {
$this->frameLocation(($loc . '.document')) . '.pathname+' . $this->frameLocation(($loc . '.document')) . '.search)+' .
GeneralUtility::quoteJSvalue(
'&file[' . $action . '][0][data]=' . $srcPath . '&file[' . $action . '][0][target]=' . $dstPath . '&prErr=1&vC=' .
$this->backendUser->veriCode() . BackendUtility::getUrlToken('tceAction')
$this->backendUser->veriCode()
) . ';};top.nav.refresh();';
return $this->linkItem($this->label($action . 'Folder_into'), IconUtility::getSpriteIcon('apps-pagetree-drag-move-into'), $editOnClick . 'return false;', 0);
}
......
......@@ -606,7 +606,7 @@ class Clipboard {
if (is_array($update)) {
$urlParameters['CB[update]'] = $update;
}
return BackendUtility::getModuleUrl($table === '_FILE' ? 'tce_file' : 'tce_db', $urlParameters) . BackendUtility::getUrlToken('tceAction');
return BackendUtility::getModuleUrl($table === '_FILE' ? 'tce_file' : 'tce_db', $urlParameters);
}
/**
......@@ -627,7 +627,7 @@ class Clipboard {
if ($setRedirect) {
$urlParameters['redirect'] = GeneralUtility::linkThisScript(array('CB' => ''));
}
return BackendUtility::getModuleUrl($file ? 'tce_file' : 'tce_db', $urlParameters) . BackendUtility::getUrlToken('tceAction');
return BackendUtility::getModuleUrl($file ? 'tce_file' : 'tce_db', $urlParameters);
}
/**
......
......@@ -741,7 +741,7 @@ class EditDocumentController implements \TYPO3\CMS\Core\Http\ControllerInterface
}
}
function deleteRecord(table,id,url) { //
window.location.href = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('tce_db') . '&cmd[') . '+table+"]["+id+"][delete]=1' . BackendUtility::getUrlToken('tceAction') . '&redirect="+escape(url)+"&vC=' . $beUser->veriCode() . '&prErr=1&uPT=1";
window.location.href = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('tce_db') . '&cmd[') . '+table+"]["+id+"][delete]=1&redirect="+escape(url)+"&vC=' . $beUser->veriCode() . '&prErr=1&uPT=1";
}
';
......@@ -1278,7 +1278,7 @@ class EditDocumentController implements \TYPO3\CMS\Core\Http\ControllerInterface
<input type="hidden" name="closeDoc" value="0" />
<input type="hidden" name="doSave" value="0" />
<input type="hidden" name="_serialNumber" value="' . md5(microtime()) . '" />
<input type="hidden" name="_scrollPosition" value="" />' . FormEngine::getHiddenTokenField('editRecord');
<input type="hidden" name="_scrollPosition" value="" />';
return $formContent;
}
......@@ -1370,13 +1370,13 @@ class EditDocumentController implements \TYPO3\CMS\Core\Http\ControllerInterface
$redirectUrl = BackendUtility::getModuleUrl('record_edit', array(
'justLocalized' => $table . ':' . $rowsByLang[0]['uid'] . ':' . $lang['uid'],
'returnUrl' => $this->retUrl
)) . BackendUtility::getUrlToken('editRecord');
));
$href = $this->doc->issueCommand('&cmd[' . $table . '][' . $rowsByLang[0]['uid'] . '][localize]=' . $lang['uid'], $redirectUrl);
} else {
$href = BackendUtility::getModuleUrl('record_edit', array(
'edit[' . $table . '][' . $rowsByLang[$lang['uid']]['uid'] . ']' => 'edit',
'returnUrl' => $this->retUrl
)) . BackendUtility::getUrlToken('editRecord');
));
}
$langSelItems[$lang['uid']] = '
<option value="' . htmlspecialchars($href) . '"' . ($currentLanguage == $lang['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars(($lang['title'] . $newTranslation)) . '</option>';
......@@ -1411,7 +1411,7 @@ class EditDocumentController implements \TYPO3\CMS\Core\Http\ControllerInterface
'edit[' . $table . '][' . $localizedRecord['uid'] . ']' => 'edit',
'returnUrl' => GeneralUtility::sanitizeLocalUrl(GeneralUtility::_GP('returnUrl'))
));
HttpUtility::redirect($location . BackendUtility::getUrlToken('editRecord'));
HttpUtility::redirect($location);
}
}
}
......@@ -1670,10 +1670,7 @@ class EditDocumentController implements \TYPO3\CMS\Core\Http\ControllerInterface
// Checks, if a save button has been clicked (or the doSave variable is sent)
if ($this->doProcessData()) {
$formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
if ($formProtection->validateToken(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('formToken'), 'editRecord')) {
$this->processData();
}
$this->processData();
}
$this->init();
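Review bot: `processData()` in the last hunk of this section now runs on every request for which `doProcessData()` is true, so the only CSRF check left for saving a record is the module-level token that the commit message says each entry point enforces by default. Nothing at the call site records that dependency; I would add a comment above it such as `// CSRF: no action token here; the module token is expected to be validated before this controller is dispatched`. A functional test asserting that a request without a valid module token never reaches `processData()` would pin that assumption. The same applies to `FileController::processRequest()` and `SimpleDataHandlerController::processRequest()`, which drop their `validateToken()` guard in this commit. The enclosing method starts and ends outside the hunk.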
......
......@@ -184,7 +184,6 @@ class CreateFolderController implements \TYPO3\CMS\Core\Http\ControllerInterface
</div><div class="form-group">
<input class="btn btn-default" type="submit" value="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.submit', TRUE) . '" />
<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />
' . \TYPO3\CMS\Backend\Form\FormEngine::getHiddenTokenField('tceAction') . '
</div>
';
// Switching form tags:
......@@ -225,7 +224,6 @@ class CreateFolderController implements \TYPO3\CMS\Core\Http\ControllerInterface
<div class="form-group">
<input class="btn btn-default" type="submit" value="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile_submit', TRUE) . '" />
<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />
' . \TYPO3\CMS\Backend\Form\FormEngine::getHiddenTokenField('tceAction') . '
</div>
';
$pageContent .= $this->doc->section($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile'), $code);
......
......@@ -170,7 +170,6 @@ class EditFileController implements \TYPO3\CMS\Core\Http\ControllerInterface {
<textarea rows="30" name="file[editfile][0][data]" wrap="off" ' . $this->doc->formWidth(48, TRUE, 'width:98%;height:80%') . ' class="text-monospace t3js-enable-tab">' . htmlspecialchars($fileContent) . '</textarea>
<input type="hidden" name="file[editfile][0][target]" value="' . $this->fileObject->getUid() . '" />
<input type="hidden" name="redirect" value="' . htmlspecialchars($hValue) . '" />
' . \TYPO3\CMS\Backend\Form\FormEngine::getHiddenTokenField('tceAction') . '
</div>
<br />';
// Make shortcut:
......
......@@ -173,11 +173,7 @@ class FileController implements \TYPO3\CMS\Core\Http\ControllerInterface {
* @return \Psr\Http\Message\ResponseInterface $response
*/
public function processRequest(ServerRequestInterface $request) {
$formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
$formToken = isset($request->getQueryParams()['formToken']) ? $request->getQueryParams()['formToken'] : $request->getParsedBody()['formToken'];
if ($formProtection->validateToken($formToken, 'tceAction')) {
$this->main();
}
$this->main();
// Push errors to flash message queue, if there are any
$this->fileProcessor->pushErrorMessagesToFlashMessageQueue();
......
......@@ -172,7 +172,6 @@ class FileUploadController implements \TYPO3\CMS\Core\Http\ControllerInterface {
$content .= '
<div id="c-submit">
<input type="hidden" name="redirect" value="' . $this->returnUrl . '" /><br />
' . \TYPO3\CMS\Backend\Form\FormEngine::getHiddenTokenField('tceAction') . '
<input class="btn btn-default" type="submit" value="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.submit', TRUE) . '" />
</div>
';
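Review bot: The `redirect` hidden field kept as context in this hunk writes `$this->returnUrl` into the `value` attribute without `htmlspecialchars()`, unlike the CreateFolder, RenameFile and ReplaceFile controllers touched by the same commit. Whether `returnUrl` is sanitised earlier in the controller is not visible here. Since the neighbouring line is being edited anyway, I would change it to `<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />` so that attribute escaping does not depend on upstream handling.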
......
......@@ -153,7 +153,6 @@ class RenameFileController implements \TYPO3\CMS\Core\Http\ControllerInterface {
<input class="btn btn-primary" type="submit" value="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:file_rename.php.submit', TRUE) . '" />
<input class="btn btn-danger" type="submit" value="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel', TRUE) . '" onclick="backToList(); return false;" />
<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />
' . \TYPO3\CMS\Backend\Form\FormEngine::getHiddenTokenField('tceAction') . '
</div>
';
$pageContent .= '</form>';
......
......@@ -175,7 +175,6 @@ class ReplaceFileController implements \TYPO3\CMS\Core\Http\ControllerInterface
<input class="btn btn-primary" type="submit" value="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:file_replace.php.submit', TRUE) . '" />
<input class="btn btn-danger" type="submit" value="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel', TRUE) . '" onclick="backToList(); return false;" />
<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />
' . \TYPO3\CMS\Backend\Form\FormEngine::getHiddenTokenField('tceAction') . '
</div>
';
$code .= '</form>';
......
......@@ -544,7 +544,7 @@ class PageLayoutController {
function deleteRecord(table,id,url) { //
if (confirm(' . GeneralUtility::quoteJSvalue($lang->getLL('deleteWarning')) . ')) {
window.location.href = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('tce_db') . '&cmd[') . '+table+"]["+id+"][delete]=1&redirect="+escape(url)+"&vC=' . $this->getBackendUser()->veriCode() . BackendUtility::getUrlToken('tceAction') . '&prErr=1&uPT=1";
window.location.href = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('tce_db') . '&cmd[') . '+table+"]["+id+"][delete]=1&redirect="+escape(url)+"&vC=' . $this->getBackendUser()->veriCode() . '&prErr=1&uPT=1";
}
return false;
}
......@@ -905,7 +905,7 @@ class PageLayoutController {
'returnUrl' => $this->returnUrl
)
) : $this->R_URI)) . '" />
' . FormEngine::getHiddenTokenField('tceAction');
';
// Add JavaScript as needed around the form:
$theCode = $tceForms->printNeededJSFunctions_top() . $theCode . $tceForms->printNeededJSFunctions();
// Add warning sign if record was "locked":
......
......@@ -248,12 +248,8 @@ class SimpleDataHandlerController implements \TYPO3\CMS\Core\Http\ControllerInte
* @return \Psr\Http\Message\ResponseInterface $response
*/
public function processRequest(ServerRequestInterface $request) {
$formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
$formToken = isset($request->getQueryParams()['formToken']) ? $request->getQueryParams()['formToken'] : $request->getParsedBody()['formToken'];
if ($formProtection->validateToken($formToken, 'tceAction')) {
$this->initClipboard();
$this->main();
}
$this->initClipboard();
$this->main();
// Write errors to flash message queue
if ($this->prErr) {
......
......@@ -196,7 +196,7 @@ class RteController extends AbstractWizardController implements \TYPO3\CMS\Core\
</table>';
// Adding hidden fields:
$formContent .= '<input type="hidden" name="redirect" value="' . htmlspecialchars($this->R_URI) . '" />
<input type="hidden" name="_serialNumber" value="' . md5(microtime()) . '" />' . FormEngine::getHiddenTokenField('tceAction');
<input type="hidden" name="_serialNumber" value="' . md5(microtime()) . '" />';
// Finally, add the whole setup:
$this->content .= $formEngine->printNeededJSFunctions_top() . $formContent . $formEngine->printNeededJSFunctions();
} else {
......
......@@ -1111,8 +1111,10 @@ class FormEngine {
* @param string $formName Context of the token
* @param string $tokenName The name of the token GET/POST variable
* @return string A complete input field
* @deprecated since TYPO3 7, will be removed in TYPO3 8. All backend modules and routes are secured by default now. If you need a form field with a token, use the form protection directly.
*/
static public function getHiddenTokenField($formName = 'securityToken', $tokenName = 'formToken') {
GeneralUtility::logDeprecatedFunction();
$formprotection = FormProtectionFactory::get();
return '<input type="hidden" name="' . $tokenName . '" value="' . $formprotection->generateToken($formName) . '" />';
}
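Review bot: The new `@deprecated` text on `getHiddenTokenField()` tells callers to use the form protection directly without naming the calls, and an extension author could read "secured by default" as permission to drop the token from a form that posts to an endpoint of their own which is not a backend module or route. I would spell the replacement out in the docblock, e.g. `Use FormProtectionFactory::get()->generateToken($formName) and check it with validateToken() on the receiving side.` Separately, the return line writes `$tokenName` into the `name` attribute unescaped; `htmlspecialchars($tokenName)` is a cheap hardening while the method remains. `BackendUtility::getUrlToken()` receives the same deprecation wording in this commit and likewise concatenates `$tokenName` into the query string as-is. The docblock starts outside the hunk.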
......
......@@ -569,7 +569,7 @@ function jumpToUrl(URL) {
'uPT' => 1,
'vC' => $beUser->veriCode()
];
$url = BackendUtility::getModuleUrl('tce_db', $urlParameters) . $params . BackendUtility::getUrlToken('tceAction') . '&redirect=';
$url = BackendUtility::getModuleUrl('tce_db', $urlParameters) . $params . '&redirect=';
if ((int)$redirectUrl === -1) {
$url = GeneralUtility::quoteJSvalue($url) . '+T3_THIS_LOCATION';
} else {
......
......@@ -40,7 +40,7 @@ class PageMovingPagePositionMap extends PagePositionMap {
* @return string Onclick attribute content
*/
public function onClickEvent($pid, $newPagePID) {
return 'window.location.href=' . \TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue(\TYPO3\CMS\Backend\Utility\BackendUtility::getModuleUrl('tce_db') . '&cmd[pages][' . $GLOBALS['SOBE']->moveUid . '][' . $this->moveOrCopy . ']=' . $pid . '&redirect=' . rawurlencode($this->R_URI) . '&prErr=1&uPT=1&vC=' . $GLOBALS['BE_USER']->veriCode() . \TYPO3\CMS\Backend\Utility\BackendUtility::getUrlToken('tceAction')) . ';return false;';
return 'window.location.href=' . \TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue(\TYPO3\CMS\Backend\Utility\BackendUtility::getModuleUrl('tce_db') . '&cmd[pages][' . $GLOBALS['SOBE']->moveUid . '][' . $this->moveOrCopy . ']=' . $pid . '&redirect=' . rawurlencode($this->R_URI) . '&prErr=1&uPT=1&vC=' . $GLOBALS['BE_USER']->veriCode()) . ';return false;';
}
/**
......
......@@ -488,9 +488,9 @@ class PagePositionMap {
public function onClickInsertRecord($row, $vv, $moveUid, $pid, $sys_lang = 0) {
$table = 'tt_content';
if (is_array($row)) {
$location = BackendUtility::getModuleUrl('tce_db') . '&cmd[' . $table . '][' . $moveUid . '][' . $this->moveOrCopy . ']=-' . $row['uid'] . '&prErr=1&uPT=1&vC=' . $GLOBALS['BE_USER']->veriCode() . BackendUtility::getUrlToken('tceAction');
$location = BackendUtility::getModuleUrl('tce_db') . '&cmd[' . $table . '][' . $moveUid . '][' . $this->moveOrCopy . ']=-' . $row['uid'] . '&prErr=1&uPT=1&vC=' . $GLOBALS['BE_USER']->veriCode();
} else {
$location = BackendUtility::getModuleUrl('tce_db') . '&cmd[' . $table . '][' . $moveUid . '][' . $this->moveOrCopy . ']=' . $pid . '&data[' . $table . '][' . $moveUid . '][colPos]=' . $vv . '&prErr=1&vC=' . $GLOBALS['BE_USER']->veriCode() . BackendUtility::getUrlToken('tceAction');
$location = BackendUtility::getModuleUrl('tce_db') . '&cmd[' . $table . '][' . $moveUid . '][' . $this->moveOrCopy . ']=' . $pid . '&data[' . $table . '][' . $moveUid . '][colPos]=' . $vv . '&prErr=1&vC=' . $GLOBALS['BE_USER']->veriCode();
}
$location .= '&redirect=' . rawurlencode($this->R_URI);
// returns to prev. page
......
......@@ -3363,8 +3363,10 @@ class BackendUtility {
* @param string $tokenName The name of the token GET variable
* @throws \InvalidArgumentException
* @return string A URL GET variable including ampersand
* @deprecated since TYPO3 7, will be removed in TYPO3 8. All backend modules and routes are secured by default now. If you need a url parameter with a token, use the form protection directly.
*/
static public function getUrlToken($formName = 'securityToken', $tokenName = 'formToken') {
GeneralUtility::logDeprecatedFunction();
$formProtection = FormProtectionFactory::get();
return '&' . $tokenName . '=' . $formProtection->generateToken($formName);
}
......
......@@ -68,7 +68,7 @@ class IssueCommandViewHelper extends AbstractViewHelper implements CompilableInt
$parametersArray = GeneralUtility::explodeUrl2Array($arguments['parameters']);
$urlParameters += $parametersArray;
}
return htmlspecialchars(BackendUtility::getModuleUrl('tce_db', $urlParameters) . BackendUtility::getUrlToken('tceAction'));
return htmlspecialchars(BackendUtility::getModuleUrl('tce_db', $urlParameters));
}
}
......@@ -75,7 +75,7 @@ class RemoveUserViewHelper extends AbstractViewHelper implements CompilableInter
'uPT' => 1,
'redirect' => GeneralUtility::getIndpEnv('REQUEST_URI')
];
$url = BackendUtility::getModuleUrl('tce_db', $urlParameters) . BackendUtility::getUrlToken('tceAction');
$url = BackendUtility::getModuleUrl('tce_db', $urlParameters);
return '<a class="btn btn-default t3js-modal-trigger" href="' . htmlspecialchars($url) . '"'
. ' data-severity="warning"'
......