[BUGFIX] Prevent PHP warning on entering an empty install tool password 28/53628/2
authorMarkus Hoelzle <typo3@markus-hoelzle.de>
Fri, 28 Jul 2017 10:27:26 +0000 (12:27 +0200)
committerSusanne Moog <susanne.moog@typo3.org>
Mon, 31 Jul 2017 08:49:03 +0000 (10:49 +0200)
Show a useful message if an empty install tool password is entered.

Resolves: #81936
Releases: master, 8.7
Change-Id: I17aaf2aaeb5b31a68c8701cdaa560c00364bea1e
Reviewed-on: https://review.typo3.org/53628
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
typo3/sysext/install/Classes/Controller/AbstractController.php

index b256ed4..cf30f0e 100644 (file)
@@ -212,7 +212,7 @@ class AbstractController
         if ($action === 'login') {
             $password = '';
             $validPassword = false;
-            if (isset($postValues['values']['password'])) {
+            if (isset($postValues['values']['password']) && $postValues['values']['password'] !== '') {
                 $password = $postValues['values']['password'];
                 $installToolPassword = $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
                 $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($installToolPassword);
@@ -235,13 +235,18 @@ class AbstractController
                 $this->sendLoginSuccessfulMail();
                 $this->redirect();
             } else {
-                $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(null, 'BE');
-                $hashedPassword = $saltFactory->getHashedPassword($password);
+                if (!isset($postValues['values']['password']) || $postValues['values']['password'] === '') {
+                    $messageText = 'Please enter the install tool password';
+                } else {
+                    $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(null, 'BE');
+                    $hashedPassword = $saltFactory->getHashedPassword($password);
+                    $messageText = 'Given password does not match the install tool login password. ' .
+                        'Calculated hash: ' . $hashedPassword;
+                }
                 /** @var $message \TYPO3\CMS\Install\Status\ErrorStatus */
                 $message = GeneralUtility::makeInstance(\TYPO3\CMS\Install\Status\ErrorStatus::class);
                 $message->setTitle('Login failed');
-                $message->setMessage('Given password does not match the install tool login password. ' .
-                    'Calculated hash: ' . $hashedPassword);
+                $message->setMessage($messageText);
                 $this->sendLoginFailedMail();
                 $this->output($this->loginForm($message));
             }