Joomla! Issue Tracker | Joomla! CMS #21791

Fixed in Code Base
21 Aug 2018
Medium
Build: 4.0-dev
# 21791
Diff
brianteeman:session-token

Pending

User tests: Successful: Unsuccessful:

brianteeman
21 Aug 2018

Fixes an obvious error that the Session::getFormToken() was being appended to the previous item instead of being prepended with an &

Note that there are still a large number of form actions without Session::getFormToken()
If someone can confirm that they should always have Session::getFormToken() then I will update those as well

Testing

Code review only

bc5ba76 21 Aug 2018

[4.0] Missing &

brianteeman - open - 21 Aug 2018

brianteeman - change - 21 Aug 2018

Status

New

⇒

Pending

joomla-cms-bot - change - 21 Aug 2018

Category

⇒

Administration com_banners com_categories com_contact com_content com_menus com_modules com_newsfeeds com_plugins com_tags com_workflow

wilsonge - comment - 21 Aug 2018

If someone can confirm that they should always have Session::getFormToken() then I will update those as well

It depends on the form action. If it submits the form it's via the form token

joomla-cms/administrator/components/com_categories/tmpl/categories/default.php

Line 286 in bc5ba76

<?php echo HTMLHelper::_('form.token'); ?>

and it's fine. If it's via ajax then we need the token in the url

wilsonge - change - 21 Aug 2018

Status	Pending	⇒	Fixed in Code Base
Closed_Date	0000-00-00 00:00:00	⇒	2018-08-21 10:40:28
Closed_By		⇒	wilsonge
Labels	Added: ?

wilsonge - close - 21 Aug 2018

wilsonge - merge - 21 Aug 2018

brianteeman - comment - 21 Aug 2018

OK - understood. So another PR will be incoming shortly for all the ajax ones that dont have a token

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#21791] - [4.0] Missing &

Testing

Add a Comment