[BUGFIX] Redirect BE user to login on invalid module/route token 87/50687/2
authorFrans Saris <franssaris@gmail.com>
Tue, 15 Nov 2016 11:24:01 +0000 (12:24 +0100)
committerMarkus Klein <markus.klein@typo3.org>
Thu, 17 Nov 2016 06:59:52 +0000 (07:59 +0100)
Resolves: #69763
Releases: master, 7.6
Change-Id: I2d9e80b7c669c55067690aedf5a7c91256d7c28b
Reviewed-on: https://review.typo3.org/50687
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/backend/Classes/Http/RequestHandler.php
typo3/sysext/backend/Classes/Http/RouteDispatcher.php
typo3/sysext/backend/Classes/Routing/Exception/InvalidRequestTokenException.php [new file with mode: 0644]

index 4bafdbb..bd05b1b 100644 (file)
@@ -16,6 +16,7 @@ namespace TYPO3\CMS\Backend\Http;
 
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use TYPO3\CMS\Backend\Routing\Exception\InvalidRequestTokenException;
 use TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException;
 use TYPO3\CMS\Core\Core\Bootstrap;
 use TYPO3\CMS\Core\Http\RequestHandlerInterface;
@@ -91,7 +92,14 @@ class RequestHandler implements RequestHandlerInterface
 
         // Check if the router has the available route and dispatch.
         if ($routingEnabled) {
-            return $this->dispatch($request);
+            try {
+                return $this->dispatch($request);
+
+                // When token was invalid redirect to login
+            } catch (InvalidRequestTokenException $e) {
+                $url = GeneralUtility::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir;
+                \TYPO3\CMS\Core\Utility\HttpUtility::redirect($url);
+            }
         }
 
         // No route found, so the system proceeds in called entrypoint as fallback.
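Review bot: The new `catch (InvalidRequestTokenException $e)` branch has no `return` or other exit of its own, so it relies on `HttpUtility::redirect()` terminating the request, which is not visible in this hunk. If that call ever returned, a request with an invalid token would continue into the "No route found" fallback below. I would state the dependency in the branch, e.g. `// redirect() ends the request here; the entrypoint fallback below must never run for a rejected token`. The rejected token is also discarded without a log entry, so repeated token failures (expired sessions, or forged cross-site requests) leave no trace; writing `$e->getMessage()` to the backend log before redirecting would keep that signal. The comment `// When token was invalid redirect to login` sits after the `return` inside the `try` and would read better as the first line of the `catch`. The enclosing method starts and ends outside the hunk.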
index b7cac33..19db8cb 100644 (file)
@@ -16,7 +16,7 @@ namespace TYPO3\CMS\Backend\Http;
 
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
-use TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException;
+use TYPO3\CMS\Backend\Routing\Exception\InvalidRequestTokenException;
 use TYPO3\CMS\Backend\Routing\Route;
 use TYPO3\CMS\Backend\Routing\Router;
 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
@@ -46,7 +46,7 @@ class RouteDispatcher extends Dispatcher implements DispatcherInterface
         $route = $router->matchRequest($request);
         $request = $request->withAttribute('route', $route);
         if (!$this->isValidRequest($request)) {
-            throw new RouteNotFoundException('Invalid request for route "' . $route->getPath() . '"', 1425389455);
+            throw new InvalidRequestTokenException('Invalid request for route "' . $route->getPath() . '"', 1425389455);
         }
 
         $targetIdentifier = $route->getOption('target');
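Review bot: The exception thrown at `throw new InvalidRequestTokenException(...)` is no longer a `RouteNotFoundException`, because the new class extends `\TYPO3\CMS\Core\Exception` directly. Any other caller of this dispatcher that handled the old type for a failed token check will now see an unhandled exception, and only `RequestHandler` is updated in this commit. It is worth checking the remaining call sites, which are not visible here. I would also add `@throws InvalidRequestTokenException` to the method docblock, stating that it signals a failed request-token validation and that callers must not fall back to dispatching the route. The method starts and ends outside the hunk.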
diff --git a/typo3/sysext/backend/Classes/Routing/Exception/InvalidRequestTokenException.php b/typo3/sysext/backend/Classes/Routing/Exception/InvalidRequestTokenException.php
new file mode 100644 (file)
index 0000000..35ad49d
--- /dev/null
@@ -0,0 +1,22 @@
+<?php
+namespace TYPO3\CMS\Backend\Routing\Exception;
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+/**
+ * Exception thrown when request token was invalid
+ */
+class InvalidRequestTokenException extends \TYPO3\CMS\Core\Exception
+{
+}