[BUGFIX] Catch invalid Enum value 07/49707/2
authorSascha Egerer <sascha@sascha-egerer.de>
Wed, 31 Aug 2016 19:13:33 +0000 (21:13 +0200)
committerWouter Wolters <typo3@wouterwolters.nl>
Thu, 1 Sep 2016 16:55:50 +0000 (18:55 +0200)
To avoid breaking the backend, any exception of the JsConfirmation
must be caught and the default value must be returned.

Resolves: #76719
Releases: master, 7.6
Change-Id: Idfea9ec8aa269ac807bf6936263da9803ea39bf8
Reviewed-on: https://review.typo3.org/49707
Tested-by: Bamboo TYPO3com <info@typo3.com>
Reviewed-by: Sascha Egerer <sascha@sascha-egerer.de>
Tested-by: Sascha Egerer <sascha@sascha-egerer.de>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/core/Classes/Type/Bitmask/JsConfirmation.php

index fef050c..a048cab 100644 (file)
@@ -16,7 +16,9 @@ namespace TYPO3\CMS\Core\Authentication;
 
 use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Core\Resource\ResourceStorage;
+use TYPO3\CMS\Core\Type\Bitmask\JsConfirmation;
 use TYPO3\CMS\Core\Type\Bitmask\Permission;
+use TYPO3\CMS\Core\Type\Exception\InvalidEnumerationValueException;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 /**
@@ -1228,15 +1230,14 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
      */
     public function jsConfirmation($bitmask)
     {
-        $alertPopup = $this->getTSConfig('options.alertPopups');
-        if (empty($alertPopup['value'])) {
-            // Default: show all warnings
-            $alertPopup = 255;
-        } else {
-            $alertPopup = (int)$alertPopup['value'];
+        try {
+            $alertPopupsSetting = trim((string)$this->getTSConfig('options.alertPopups')['value']);
+            $alertPopup = JsConfirmation::cast($alertPopupsSetting === '' ? null : (int)$alertPopupsSetting);
+        } catch (InvalidEnumerationValueException $e) {
+            $alertPopup = new JsConfirmation();
         }
-        // Show confirmation
-        return ($alertPopup & $bitmask) == $bitmask;
+
+        return JsConfirmation::cast($bitmask)->matches($alertPopup);
     }
 
     /**
index 2f0e3ee..f18c0c1 100644 (file)
@@ -43,4 +43,23 @@ class JsConfirmation extends \TYPO3\CMS\Core\Type\Enumeration
      * @var int
      */
     const OTHER = 0b10000000;
+
+    /**
+     * @var int
+     */
+    const __default = 255;
+
+    /**
+     * Returns TRUE if a given value matches the internal value
+     *
+     * @param JsConfirmation $value Value to check
+     * @return bool
+     */
+    public function matches(JsConfirmation $value)
+    {
+        $value = (int)(string)$value;
+        $thisValue = (int)(string)$this;
+
+        return ($value & $thisValue) == $thisValue;
+    }
 }