Joomla! Issue Tracker | Joomla! CMS #20642 - [4.0] Check Session token in header

J4 Issue ?

Closed
17 Jun 2018
Medium
Build: staging
# 20642

schnuti
1 Jun 2018

Steps to reproduce the issue

Was there a reason to remove this check from checkToken() in Session.php?

		if ($token === $app->input->server->get('HTTP_X_CSRF_TOKEN', '', 'alnum'))
		{
			return true;
		}

It's still handled and set in core.js - function Joomla.request

One of them is a bug.

schnuti - open - 1 Jun 2018

joomla-cms-bot - change - 1 Jun 2018

Labels

Added: ?

joomla-cms-bot - labeled - 1 Jun 2018

franz-wohlkoenig - change - 1 Jun 2018

Category

⇒

Authentication

brianteeman - change - 2 Jun 2018

Labels

Added: J4 Issue

brianteeman - labeled - 2 Jun 2018

franz-wohlkoenig - comment - 12 Jun 2018

Can an more experienced User than me please answer as this Issue is set on "New" since 11 Days?

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/20642.}

franz-wohlkoenig - change - 12 Jun 2018

Status

New

⇒

Information Required

mbabker - comment - 12 Jun 2018

Probably lost in a merge conflict, not intentionally removed.

TBH, it's time to deprecate the static methods in the CMS Session class and we should look at how to transition to the application's checkToken method.

franz-wohlkoenig - comment - 12 Jun 2018

thanks for Comment, @mbabker

franz-wohlkoenig - change - 12 Jun 2018

Status

Information Required

⇒

Discussion

brianteeman - comment - 17 Jun 2018

closed see #20786

brianteeman - change - 17 Jun 2018

Status	Discussion	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2018-06-17 21:50:07
Closed_By		⇒	brianteeman

brianteeman - close - 17 Jun 2018

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#20642] - [4.0] Check Session token in header

Steps to reproduce the issue

Add a Comment