[SECURITY] Prevent login of restricted users 92/51892/2
author Nicole Cordes <typo3@cordes.co>
Tue, 28 Feb 2017 10:23:24 +0000 (11:23 +0100)
committer Oliver Hader <oliver.hader@typo3.org>
Tue, 28 Feb 2017 10:23:30 +0000 (11:23 +0100)
commit 0197adbe9ff8b8fd84d5cadfcd64a7df95048029
tree 2ef5d16132104013453b26ccd6b64d3d0cbb0c0b
parent b3b63f3473a84560fa312361abc1ecbc95830bd4
[SECURITY] Prevent login of restricted users

As the new restriction handling relies on TCA information, we need to
load the TCA before any authentication starts. To prevent double loading
if a backend user is available, the bootstrap API for loading TCA and
extension configuration is separated into two own functions.

Furthermore, this patch resolves a wrong table parameter handling.

Resolves: #79761
Releases: master
Security-Commit: 936bf33bc337b9a00ca0b1ed4ba4d5d19b0999a1
Security-Bulletin: TYPO3-CORE-SA-2017-002
Change-Id: I2add4e96b9b1308756022c532395ce7bbc160bf2
Reviewed-on: https://review.typo3.org/51892
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Classes/Core/Bootstrap.php
typo3/sysext/frontend/Classes/Http/RequestHandler.php