Oliver Hader
authored
Inline JavaScript settings for RequireJS and ajaxUrls disclose the existence of specific extensions in a TYPO3 installation.

In case no backend user is logged in, RequireJS settings are fetched using an according endpoint; ajaxUrls (for backend AJAX routes) are limited to those that are accessible without having a user session.

Resolves: #83855
Releases: master, 9.5, 8.7
Security-Commit: a9b60d26597449fec46bd26e0b511bc6e423ef24
Security-Bulletin: TYPO3-CORE-SA-2019-001
Change-Id: Ifa4029340e750baaf216fa953bf41b6d06d3138b
Reviewed-on: https://review.typo3.org/59534
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>