[BUGFIX] Don't save form protection error messages in session
authorHelmut Hummel <helmut.hummel@typo3.org>
Sun, 25 Sep 2011 14:52:53 +0000 (16:52 +0200)
committerHelmut Hummel <typo3@helmut-hummel.de>
Sun, 19 Feb 2012 18:26:16 +0000 (19:26 +0100)
Do not persist flash messages in the session if we are in an Ajax context
because then the flash message is rendered out of context the next time
the flash message queue is flushed.

Change-Id: Ifbe579d5507a677d859dcd4365cea0134b1804e0
Resolves: #30272
Releases: 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/9111
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php
tests/t3lib/formprotection/t3lib_formprotection_BackendFormProtectionTest.php

index 0387952..be2da71 100644 (file)
@@ -132,7 +132,8 @@ class t3lib_formprotection_BackendFormProtection extends t3lib_formprotection_Ab
                        ),
                        '',
                        t3lib_FlashMessage::ERROR,
-                       TRUE
+                               // Do not save error message in session if we are in an Ajax action
+                       !(isset($GLOBALS['TYPO3_AJAX']) && $GLOBALS['TYPO3_AJAX'] === TRUE)
                );
                t3lib_FlashMessageQueue::addMessage($message);
        }
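Review bot: In an Ajax context the invalid-token message passed to `t3lib_FlashMessageQueue::addMessage($message)` is now kept in memory only, and nothing visible in this hunk ensures the Ajax response renders or reports it, so a failed form-protection check could go unnoticed by the user and leave no trace for later review. The comment should say who is expected to surface the failure, e.g. `// Ajax: keep the message out of the session; the Ajax handler has to report the invalid token itself`. The negated inline expression would also read more easily as a named local, `$isAjaxCall = isset($GLOBALS['TYPO3_AJAX']) && $GLOBALS['TYPO3_AJAX'] === TRUE;`, passed as `!$isAjaxCall`. The enclosing method starts outside the hunk, so whether the failure is logged elsewhere cannot be seen from here.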
index f94af8c..5402fdc 100644 (file)
  */
 class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase {
        /**
-        * a backup of the current BE user
+        * Enable backup of global and system variables
         *
-        * @var t3lib_beUserAuth
+        * @var boolean
         */
-       private $backEndUserBackup = NULL;
+       protected $backupGlobals = TRUE;
+
+       /**
+        * Exclude TYPO3_DB from backup/ restore of $GLOBALS
+        * because resource types cannot be handled during serializing
+        *
+        * @var array
+        */
+       protected $backupGlobalsBlacklist = array('TYPO3_DB');
+
 
        /**
         * @var t3lib_formprotection_BackendFormProtection
@@ -46,7 +55,6 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
        private $fixture;
 
        public function setUp() {
-               $this->backEndUserBackup = $GLOBALS['BE_USER'];
                $GLOBALS['BE_USER'] = $this->getMock(
                        't3lib_beUserAuth',
                        array('getSessionData', 'setAndSaveSessionData')
@@ -60,9 +68,6 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
        public function tearDown() {
                $this->fixture->__destruct();
                unset($this->fixture);
-
-               $GLOBALS['BE_USER'] = $this->backEndUserBackup;
-
                t3lib_FlashMessageQueue::getAllMessagesAndFlush();
        }
 
@@ -230,6 +235,27 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
                $this->fixture->createValidationErrorMessage();
 
                $messages = t3lib_FlashMessageQueue::getAllMessagesAndFlush();
+
+               $this->assertNotEmpty($messages);
+               $this->assertContains(
+                       $GLOBALS['LANG']->sL(
+                               'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'
+                       ),
+                       $messages[0]->render()
+               );
+       }
+
+       /**
+        * @test
+        */
+       public function createValidationErrorMessageAddsErrorFlashMessageButNotInSessionInAjaxRequest() {
+               $GLOBALS['BE_USER'] = $this->createBackendUserSessionStorageStub();
+               $GLOBALS['TYPO3_AJAX'] = TRUE;
+               $this->fixture->createValidationErrorMessage();
+
+               $messages = t3lib_FlashMessageQueue::$messages;
+
+               $this->assertNotEmpty($messages);
                $this->assertContains(
                        $GLOBALS['LANG']->sL(
                                'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'