Skip to content

2.7.0 Security Release
Compare
Choose a tag to compare
@sbusemann sbusemann released this 05 Dec 10:36
2.7.0
ae25309

You will find here security backports for TYPO3 7.6 LTS. If you use TYPO3 8 or 9 please use version 5.x

Upgrade

Due to changes in some templates, you need to adjust your templates, if you use your own ones.

  1. Added element id for new / edit / invitation templates: If you use your own HTML templates of new/edit/invitation-templates you should compare them with the one from EXT:femanager. There is a new additional attribute inside the form viewhelper: data-femanager-plugin, which contains the content element id.
  2. If you use a modified version of the Validation.js, there are also changes: plugin and action parameter is send to
    the eID-Script now
  3. The edit template has to be adjusted, as there is a new parameter 'token' is introduced. (see example below)

Example

Please update these partials:

:file:/Partials/Misc/DeleteLink.html

The argument token was introduced :html:(token:token)

old template code

	<f:link.action
		action="delete"
		arguments="{user:user}"
		class="btn btn-warning btn-large"
		additionalAttributes="{data-confirm:'{f:translate(key:\'UserDeleteConfirmation\')}'}">
		<i class="icon-trash icon-white"></i>
		<f:translate key="deleteProfile" />
	</f:link.action>

new template code:

	<f:link.action
		action="delete"
		arguments="{user:user, token:token}"
		class="btn btn-warning btn-large"
		additionalAttributes="{data-confirm:'{f:translate(key:\'UserDeleteConfirmation\')}'}">
		<i class="icon-trash icon-white"></i>
		<f:translate key="deleteProfile" />
	</f:link.action>

:file:/Templates/Edit/Edit.html

You need to add: :html:<f:form.hidden name="token" value="{token}" /> between the form tag.

Example:

	<f:form
		name="user"
		object="{user}"
		action="update"
		enctype="multipart/form-data"
		additionalAttributes="{data-femanager-plugin:data.uid}"
		class="form-horizontal {f:if(condition:'{settings.edit.validation._enable.client}',then:'feManagerValidation',else:'')}">
	<fieldset>
		<legend>
			<f:translate key="titleUpdateProfile" />
		</legend>

		<f:form.hidden name="token" value="{token}" />

		more stuff here in the template file…

	</f:form>
Assets 2
Loading