[BUGFIX] Do not log out a logged out user 60/41460/2
authorHelmut Hummel <helmut.hummel@typo3.org>
Thu, 16 Jul 2015 12:48:20 +0000 (14:48 +0200)
committerFrank Nägler <frank.naegler@typo3.org>
Thu, 16 Jul 2015 13:25:51 +0000 (15:25 +0200)
It can happen that the logout action of the logout
controller is called without a user being logged in.

To avoid a fatal error, we do not call the logoff
code any more and just do the redirect handling.

Releases: master, 6.2
Resolves: #68220
Change-Id: I06f6289d01c681d4b412910ded8e9894f377892d
Reviewed-on: http://review.typo3.org/41460
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Susanne Moog <typo3@susannemoog.de>
Tested-by: Susanne Moog <typo3@susannemoog.de>
Reviewed-by: Markus Sommer <markussom@posteo.de>
Tested-by: Markus Sommer <markussom@posteo.de>
Reviewed-by: Frank Nägler <frank.naegler@typo3.org>
Tested-by: Frank Nägler <frank.naegler@typo3.org>
typo3/sysext/backend/Classes/Controller/LogoutController.php

index c8576d5..ecf78c2 100644 (file)
@@ -30,12 +30,14 @@ class LogoutController {
         * @return void
         */
        public function logout() {
-               // Logout written to log
-               $this->getBackendUser()->writelog(255, 2, 0, 1, 'User %s logged out from TYPO3 Backend', array($this->getBackendUser()->user['username']));
-               /** @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection $backendFormProtection */
-               $backendFormProtection = FormProtectionFactory::get();
-               $backendFormProtection->removeSessionTokenFromRegistry();
-               $this->getBackendUser()->logoff();
+               if (!empty($this->getBackendUser()->user['username'])) {
+                       // Logout written to log
+                       $this->getBackendUser()->writelog(255, 2, 0, 1, 'User %s logged out from TYPO3 Backend', array($this->getBackendUser()->user['username']));
+                       /** @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection $backendFormProtection */
+                       $backendFormProtection = FormProtectionFactory::get();
+                       $backendFormProtection->removeSessionTokenFromRegistry();
+                       $this->getBackendUser()->logoff();
+               }
                $redirect = GeneralUtility::sanitizeLocalUrl(GeneralUtility::_GP('redirect'));
                $redirectUrl = $redirect ? $redirect : 'index.php';
                HttpUtility::redirect($redirectUrl);