[BUGFIX] Avoid wrong SQL query in fe_login user group redirect 31/45131/2
authorFrederic Gaus <frederic.gaus@flagbit.de>
Mon, 11 May 2015 15:07:11 +0000 (17:07 +0200)
committerMarkus Klein <markus.klein@typo3.org>
Fri, 4 Dec 2015 20:06:36 +0000 (21:06 +0100)
Ensure that no invalid group data is collected and check
if any group is set at all before running the SQL query.

Change-Id: I5792ff606d60ba5e5a108ed18c2ec91e354f85ff
Resolves: #64966
Releases: master, 6.2
Reviewed-on: https://review.typo3.org/45131
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php
typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php

index 1ea6bfc..8bc91b0 100644 (file)
@@ -628,24 +628,26 @@ class FrontendLoginController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin
                                                case 'groupLogin':
                                                        // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
                                                        $groupData = $GLOBALS['TSFE']->fe_user->groupData;
-                                                       $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
-                                                               'felogin_redirectPid',
-                                                               $GLOBALS['TSFE']->fe_user->usergroup_table,
-                                                               'felogin_redirectPid<>\'\' AND uid IN (' . implode(',', $groupData['uid']) . ')'
-                                                       );
-                                                       if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
+                                                       if (!empty($groupData['uid'])) {
                                                                // take the first group with a redirect page
-                                                               $redirect_url[] = $this->pi_getPageLink($row[0]);
+                                                               $row = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow(
+                                                                       'felogin_redirectPid',
+                                                                       $GLOBALS['TSFE']->fe_user->usergroup_table,
+                                                                       'felogin_redirectPid<>\'\' AND uid IN (' . implode(',', $groupData['uid']) . ')'
+                                                               );
+                                                               if ($row) {
+                                                                       $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
+                                                               }
                                                        }
                                                        break;
                                                case 'userLogin':
-                                                       $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
+                                                       $row = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow(
                                                                'felogin_redirectPid',
                                                                $GLOBALS['TSFE']->fe_user->user_table,
                                                                $GLOBALS['TSFE']->fe_user->userid_column . '=' . $GLOBALS['TSFE']->fe_user->user['uid'] . ' AND felogin_redirectPid<>\'\''
                                                        );
-                                                       if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
-                                                               $redirect_url[] = $this->pi_getPageLink($row[0]);
+                                                       if ($row) {
+                                                               $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
                                                        }
                                                        break;
                                                case 'login':
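Review bot: The `uid IN (...)` list in the `groupLogin` branch is still built from `implode(',', $groupData['uid'])` without coercing the entries to integers, so the query is only as safe as whatever populated `fe_user->groupData`; the new `!empty()` check covers just the empty-list case. Casting at the point of use closes that gap: `'felogin_redirectPid<>\'\' AND uid IN (' . implode(',', array_map('intval', $groupData['uid'])) . ')'`. The `userLogin` branch concatenates `$GLOBALS['TSFE']->fe_user->user['uid']` the same way and should use `(int)$GLOBALS['TSFE']->fe_user->user['uid']`. Separately, the comment says "take the first group with a redirect page", but no ORDER BY is passed to `exec_SELECTgetSingleRow()`, so which row comes back is up to the database. The enclosing switch starts and ends outside the hunk.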
index 8ab941a..8fe76ff 100644 (file)
@@ -341,7 +341,7 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract
                                unset($serviceObj);
                        }
                        unset($serviceObj);
-                       if ($validGroup) {
+                       if ($validGroup && (string)$groupData['uid'] !== '') {
                                $this->groupData['title'][$groupData['uid']] = $groupData['title'];
                                $this->groupData['uid'][$groupData['uid']] = $groupData['uid'];
                                $this->groupData['pid'][$groupData['uid']] = $groupData['pid'];
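Review bot: The added condition `(string)$groupData['uid'] !== ''` rejects only an empty uid, so a non-numeric value would still be stored as both key and value in `$this->groupData['uid']`, which the felogin controller in this same commit joins into an SQL `IN (...)` list. If group uids are always integers at this point (the code that loads `$groupData` is outside the hunk, so this is an assumption), a stricter guard would enforce it: `if ($validGroup && \TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($groupData['uid'])) {`. A short comment such as `// Skip records without a usable uid; groupData['uid'] is later used to build SQL conditions` would also record why the check exists.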