[BUGFIX] Fix PHP warning trigged in getAuthInfoArray() 56/22956/9
authorChristian Finkemeier <c.finkemeier@caw-media.de>
Thu, 8 Aug 2013 13:18:55 +0000 (15:18 +0200)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Mon, 23 Sep 2013 21:32:20 +0000 (23:32 +0200)
AbstractUserAuthentication::getAuthInfoArray() calls
$GLOBALS['TYPO3_DB']->cleanIntList() with a possible NULL argument.
This leads to a PHP warning in GeneralUtility::trimExplode().

Resolves: #50913
Relates: #42921
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I42ddf8fed715c5f8ce060e6ca5826ef3ed8f223e
Reviewed-on: https://review.typo3.org/22956
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Tests/Unit/Authentication/AbstractUserAuthenticationTest.php

index a067960..66f3035 100644 (file)
@@ -1327,8 +1327,14 @@ abstract class AbstractUserAuthentication {
                $authInfo['db_user']['userident_column'] = $this->userident_column;
                $authInfo['db_user']['usergroup_column'] = $this->usergroup_column;
                $authInfo['db_user']['enable_clause'] = $this->user_where_clause();
-               $authInfo['db_user']['checkPidList'] = $this->checkPid ? $this->checkPid_value : '';
-               $authInfo['db_user']['check_pid_clause'] = $this->checkPid ? ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($authInfo['db_user']['checkPidList']) . ')' : '';
+               if ($this->checkPid && $this->checkPid_value !== NULL) {
+                       $authInfo['db_user']['checkPidList'] = $this->checkPid_value;
+                       $authInfo['db_user']['check_pid_clause'] = ' AND pid IN (' .
+                               $GLOBALS['TYPO3_DB']->cleanIntList($this->checkPid_value) . ')';
+               } else {
+                       $authInfo['db_user']['checkPidList'] = '';
+                       $authInfo['db_user']['check_pid_clause'] = '';
+               }
                $authInfo['db_groups']['table'] = $this->usergroup_table;
                return $authInfo;
        }
index c86262c..064345d 100644 (file)
@@ -151,6 +151,21 @@ class AbstractUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
                $this->assertEquals($mock->processLoginData($originalData, $passwordSubmissionStrategy), $processedData);
        }
 
+       /**
+        * @test
+        */
+       public function getAuthInfoArrayReturnsEmptyPidListIfNoCheckPidValueIsGiven() {
+               $GLOBALS['TYPO3_DB'] = $this->getMock('TYPO3\\CMS\\Core\\Database\\DatabaseConnection', array('cleanIntList'));
+               $GLOBALS['TYPO3_DB']->expects($this->never())->method('cleanIntList');
+
+               /** @var $mock \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication */
+               $mock = $this->getMock('TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', array('dummy'));
+               $mock->checkPid = TRUE;
+               $mock->checkPid_value = NULL;
+               $result = $mock->getAuthInfoArray();
+               $this->assertEquals('', $result['db_user']['checkPidList']);
+       }
+
 }
 
 ?>
\ No newline at end of file