[BUGFIX] Fix IP lock clause when [FE][lockIP] is 0 08/50908/2
authorWouter Wolters <typo3@wouterwolters.nl>
Wed, 7 Dec 2016 09:11:14 +0000 (10:11 +0100)
committerChristian Kuhn <lolli@schwarzbu.ch>
Thu, 8 Dec 2016 20:25:59 +0000 (21:25 +0100)
The method getNewSessionRecord doesn't check
lockIP setting 0 correctly. Add a check to disable checking
when lockIP is 0.

Resolves: #78902
Releases: master,7.6
Change-Id: Ic060ed36e9a7d4fdb1534ffe76ce8bbbee31038c
Reviewed-on: https://review.typo3.org/50908
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: TYPO3com <no-reply@typo3.com>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php

index 2f963f1..770174d 100644 (file)
@@ -872,10 +872,15 @@ abstract class AbstractUserAuthentication
      */
     public function getNewSessionRecord($tempuser)
     {
+        $sessionIpLock = '[DISABLED]';
+        if ($this->lockIP && empty($tempuser['disableIPlock'])) {
+            $sessionIpLock = $this->ipLockClause_remoteIPNumber($this->lockIP);
+        }
+
         return [
             'ses_id' => $this->id,
             'ses_name' => $this->name,
-            'ses_iplock' => $tempuser['disableIPlock'] ? '[DISABLED]' : $this->ipLockClause_remoteIPNumber($this->lockIP),
+            'ses_iplock' => $sessionIpLock,
             'ses_hashlock' => $this->hashLockClause_getHashInt(),
             'ses_userid' => $tempuser[$this->userid_column],
             'ses_tstamp' => $GLOBALS['EXEC_TIME'],
@@ -1102,7 +1107,6 @@ abstract class AbstractUserAuthentication
      *
      * @param int $parts 1-4: Indicates how many parts of the IP address to return. 4 means all, 1 means only first number.
      * @return string (Partial) IP address for REMOTE_ADDR
-     * @access private
      */
     protected function ipLockClause_remoteIPNumber($parts)
     {