  1. eZ Publish / Platform
  2. EZP-20790

Possible inconsistency between doc and the way CSRF works, notably between 5 stack and LS

    Details

      Description

      There might be an inconsistency between the documentation and the way CSRF works, notably with legacy. This question details the issue:
      http://stackoverflow.com/questions/16216134/symfony-2-form-in-ez-publish-5-csrf-intuition

      (doc link pointed to from the question: https://confluence.ez.no/display/EZP/Legacy+configuration+injection#Legacyconfigurationinjection-eZFormToken(CSRF)integration )

      Cheers,

        Issue Links

          Activity

          Nicolas Pastorino (Inactive) created issue -
          Nicolas Pastorino (Inactive) made changes -
          Field Original Value New Value
          Link This issue relates to EZP-20783 [ EZP-20783 ]
          André Rømcke made changes -
          Status Open [ 1 ] Backlog [ 10000 ]
          André Rømcke added a comment - - edited

          Possible issue here is that ezpKernelWeb now has this in requestInit():
          >> ezpEvent::getInstance()->notify( 'request/input', array( $this->uri ) );

          However that means form tokens are checked when runCallback is used, while we only want it to be checked on run() afaik.

          André Rømcke made changes -
          Fix Version/s Engineering tracked issues [ 11179 ]
          André Rømcke made changes -
          Workflow eZ Engineering Scrumban Workflow [ 53506 ] EZ* Development Workflow [ 69629 ]
          Dominika Kurek made changes -
          Labels documentation doc-publish documentation
          Alex Schuster made changes -
          Workflow EZ* Development Workflow [ 69629 ] EZEE Development Workflow [ 107934 ]
          Dominika Kurek made changes -
          Status Backlog [ 10000 ] Closed [ 6 ]
          Resolution Obsolete [ 8 ]
          Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date
          Open → Backlog | 6d 21h 37m | 1 | André Rømcke | 06/May/13 5:21 PM
          Backlog → Closed | 1674d 23h 1m | 1 | Dominika Kurek | 06/Dec/17 3:22 PM

            People

            • Assignee:
              Unassigned
              Reporter:
              Nicolas Pastorino (Inactive)
