[BUGFIX] Prevent TypoScript condition expressions breaking TYPO3 80/58280/5
authorFrank Naegler <frank.naegler@typo3.org>
Fri, 14 Sep 2018 19:24:04 +0000 (21:24 +0200)
committerMarkus Klein <markus.klein@typo3.org>
Sat, 15 Sep 2018 12:23:51 +0000 (14:23 +0200)
commitb22bb42c7b5865b9dd5e8e6f61129107522038e3
tree2fb92a415ec01573d7be99578395000de8768768
parent473a4958795f02be40c1c7ccdae5e2da8258aaa3
[BUGFIX] Prevent TypoScript condition expressions breaking TYPO3

This patch introduces error handling to mitigate a missing type check
in the Symfony Expression Language handler. In case a condition
uses the "in" or "not in" check in combination with a non-array a PHP
warning is thrown.

Example: [1 in "foo"] or ["bar" in "foo,baz"]
These conditions are broken, but they will break the complete installation
including the backend. To mitigate the problem we do the following:

1) In FE an InvalidTypoScriptConditionException is thrown (if strictSyntax is enabled)
2) In FE catch this error silently and log it (if strictSyntax is disabled)
3) In BE catch this error silently and log it, but never break the backend.

Resolves: #86257
Releases: master
Change-Id: I2a54f819383775a300af6848cfc85e9f626bec21
Reviewed-on: https://review.typo3.org/58280
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/core/Classes/Configuration/TypoScript/ConditionMatching/AbstractConditionMatcher.php