[TASK] unserialize() without objects for extConf 14/48314/4
authorChristian Kuhn <lolli@schwarzbu.ch>
Fri, 27 May 2016 10:22:18 +0000 (12:22 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Fri, 27 May 2016 11:42:44 +0000 (13:42 +0200)
To mitigate potential "unsecure unserialize()" issues, the new PHP7
feature to allow only specific classes or to totally deny object
creation is rolled out throughout the core in v8.

Since a lot of places use unserialize() and some are critical or
hard to understand, this is done with a series of patches for
single areas.

This patch denies object creation at all places where
$GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['anExtension'] is
passed to unserialize() - the extension manager and ext_conf_template.txt
handling never handles objects at this place, so it should be
safe to deny objects at all places.

Change-Id: Ie96e6fb6837418fd765f883b216b7a9c5af5795d
Resolves: #76320
Releases: master
Reviewed-on: https://review.typo3.org/48314
Reviewed-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
24 files changed:
typo3/sysext/backend/Classes/Controller/BackendController.php
typo3/sysext/backend/Classes/Controller/LoginController.php
typo3/sysext/compatibility7/Classes/Controller/SearchFormController.php
typo3/sysext/css_styled_content/Configuration/TCA/Overrides/pages.php
typo3/sysext/css_styled_content/ext_localconf.php
typo3/sysext/dbal/Classes/Database/DatabaseConnection.php
typo3/sysext/extensionmanager/Classes/Utility/ConfigurationUtility.php
typo3/sysext/extensionmanager/ext_localconf.php
typo3/sysext/fluid_styled_content/Configuration/TCA/Overrides/pages.php
typo3/sysext/fluid_styled_content/ext_localconf.php
typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php
typo3/sysext/indexed_search/Classes/Controller/SearchController.php
typo3/sysext/indexed_search/Classes/FileContentParser.php
typo3/sysext/indexed_search/Classes/Indexer.php
typo3/sysext/indexed_search/ext_localconf.php
typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
typo3/sysext/install/Tests/Unit/Service/SilentConfigurationUpgradeServiceTest.php
typo3/sysext/rsaauth/Classes/Backend/CommandLineBackend.php
typo3/sysext/rsaauth/Classes/BackendWarnings.php
typo3/sysext/rtehtmlarea/ext_localconf.php
typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php
typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
typo3/sysext/scheduler/Classes/Scheduler.php
typo3/sysext/scheduler/ext_localconf.php

index 37f9cf0..f273077 100644 (file)
@@ -263,7 +263,7 @@ class BackendController
         $view = $this->getFluidTemplateObject($this->templatePath . 'Backend/Main.html');
 
         // Extension Configuration to find the TYPO3 logo in the left corner
         $view = $this->getFluidTemplateObject($this->templatePath . 'Backend/Main.html');
 
         // Extension Configuration to find the TYPO3 logo in the left corner
-        $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['backend']);
+        $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['backend'], ['allowed_classes' => false]);
         $logoPath = '';
         if (!empty($extConf['backendLogo'])) {
             $customBackendLogo = GeneralUtility::getFileAbsFileName($extConf['backendLogo']);
         $logoPath = '';
         if (!empty($extConf['backendLogo'])) {
             $customBackendLogo = GeneralUtility::getFileAbsFileName($extConf['backendLogo']);
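Review bot: The added `['allowed_classes' => false]` argument has no comment here explaining why objects are refused, although the ConfigurationUtility hunk of this commit adds one. The same expression is repeated verbatim at every call site in the commit (this hunk and the LoginController hunk decode the identical `backend` key), so a later call site can leave the option out without anything flagging it. A single accessor that returns the decoded extConf array for an extension key would keep the option and its rationale in one place. Failing that, a comment such as `// extConf never holds objects, so object creation is denied during unserialize()` would fit above this line. The enclosing method starts and ends outside the hunk.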
index 4923a2e..8172309 100644 (file)
@@ -159,7 +159,7 @@ class LoginController
         $this->checkRedirect();
 
         // Extension Configuration
         $this->checkRedirect();
 
         // Extension Configuration
-        $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['backend']);
+        $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['backend'], ['allowed_classes' => false]);
 
         // Background Image
         if (!empty($extConf['loginBackgroundImage'])) {
 
         // Background Image
         if (!empty($extConf['loginBackgroundImage'])) {
index 5144c08..783cf52 100755 (executable)
@@ -216,7 +216,7 @@ class SearchFormController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin
     public function initialize()
     {
         // Indexer configuration from Extension Manager interface:
     public function initialize()
     {
         // Indexer configuration from Extension Manager interface:
-        $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+        $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
         $this->enableMetaphoneSearch = (bool)$this->indexerConfig['enableMetaphoneSearch'];
         $this->storeMetaphoneInfoAsWords = !\TYPO3\CMS\IndexedSearch\Utility\IndexedSearchUtility::isTableUsed('index_words');
         $this->timeTracker = GeneralUtility::makeInstance(TimeTracker::class);
         $this->enableMetaphoneSearch = (bool)$this->indexerConfig['enableMetaphoneSearch'];
         $this->storeMetaphoneInfoAsWords = !\TYPO3\CMS\IndexedSearch\Utility\IndexedSearchUtility::isTableUsed('index_words');
         $this->timeTracker = GeneralUtility::makeInstance(TimeTracker::class);
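Review bot: The result of `unserialize()` is stored in `$this->indexerConfig` and indexed on the very next line without checking that it is an array. `unserialize()` returns `false` for a missing or malformed value, and with `allowed_classes` set to `false` a serialized object is turned into a `__PHP_Incomplete_Class` instance rather than rejected, so the option alone does not guarantee an array of scalars. Only the ConfigurationUtility hunk normalises the result; the same guard would fit here as `$this->indexerConfig = is_array($this->indexerConfig) ? $this->indexerConfig : [];`. It applies equally to the AdministrationController, SearchController, FileContentParser, Indexer, DatabaseConnection and CommandLineBackend hunks. initialize() continues outside the hunk.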
index 739e7fd..08bfb68 100644 (file)
@@ -1,18 +1,14 @@
 <?php
 defined('TYPO3_MODE') or die();
 
 <?php
 defined('TYPO3_MODE') or die();
 
-call_user_func(
-    function ($extKey) {
-        $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extKey]);
-
-        if (isset($extConf['loadContentElementWizardTsConfig']) && (int)$extConf['loadContentElementWizardTsConfig'] === 0) {
-            // Add pageTSconfig
-            \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::registerPageTSConfigFile(
-                $extKey,
-                'Configuration/PageTSconfig/NewContentElementWizard.ts',
-                'CSS-based Content Elements'
-            );
-        }
-    },
-    'css_styled_content'
-);
+call_user_func(function () {
+    $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['css_styled_content'], ['allowed_classes' => false]);
+    if (isset($extConf['loadContentElementWizardTsConfig']) && (int)$extConf['loadContentElementWizardTsConfig'] === 0) {
+        // Add pageTSconfig
+        \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::registerPageTSConfigFile(
+            'css_styled_content',
+            'Configuration/PageTSconfig/NewContentElementWizard.ts',
+            'CSS-based Content Elements'
+        );
+    }
+});
index 0018f56..79a5863 100644 (file)
@@ -23,24 +23,21 @@ $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['cms/layout/class.tx_cms_layout.php'][
     \TYPO3\CMS\CssStyledContent\Hooks\PageLayoutView\TextPreviewRenderer::class;
 
 if (TYPO3_MODE === 'BE') {
     \TYPO3\CMS\CssStyledContent\Hooks\PageLayoutView\TextPreviewRenderer::class;
 
 if (TYPO3_MODE === 'BE') {
-    call_user_func(
-        function ($extKey) {
-            // Get the extension configuration
-            $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extKey]);
-
-            if (!isset($extConf['loadContentElementWizardTsConfig']) || (int)$extConf['loadContentElementWizardTsConfig'] === 1) {
-                // Include new content elements to modWizards
-                \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addPageTSConfig('<INCLUDE_TYPOSCRIPT: source="FILE:EXT:css_styled_content/Configuration/PageTSconfig/NewContentElementWizard.ts">');
-            }
-
-            $dispatcher = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class);
-            $dispatcher->connect(
-                \TYPO3\CMS\Extensionmanager\Controller\ConfigurationController::class,
-                'afterExtensionConfigurationWrite',
-                \TYPO3\CMS\CssStyledContent\Hooks\TcaCacheClearing::class,
-                'clearTcaCache'
-            );
-        },
-        $_EXTKEY
-    );
+    call_user_func(function () {
+        // Get the extension configuration
+        $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['css_styled_content'], ['allowed_classes' => false]);
+
+        if (!isset($extConf['loadContentElementWizardTsConfig']) || (int)$extConf['loadContentElementWizardTsConfig'] === 1) {
+            // Include new content elements to modWizards
+            \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addPageTSConfig('<INCLUDE_TYPOSCRIPT: source="FILE:EXT:css_styled_content/Configuration/PageTSconfig/NewContentElementWizard.ts">');
+        }
+
+        $dispatcher = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class);
+        $dispatcher->connect(
+            \TYPO3\CMS\Extensionmanager\Controller\ConfigurationController::class,
+            'afterExtensionConfigurationWrite',
+            \TYPO3\CMS\CssStyledContent\Hooks\TcaCacheClearing::class,
+            'clearTcaCache'
+        );
+    });
 }
 }
index f1bada8..0c8b92b 100644 (file)
@@ -2564,7 +2564,7 @@ class DatabaseConnection extends \TYPO3\CMS\Core\Database\DatabaseConnection
      */
     public function sql_query($query)
     {
      */
     public function sql_query($query)
     {
-        $globalConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['dbal']);
+        $globalConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['dbal'], ['allowed_classes' => false]);
         if ($globalConfig['sql_query.']['passthrough']) {
             return parent::sql_query($query);
         }
         if ($globalConfig['sql_query.']['passthrough']) {
             return parent::sql_query($query);
         }
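Review bot: The dbal extConf string is decoded again on every `sql_query()` call, because the `unserialize()` sits at the top of the method body. The value presumably does not change within a request, so decoding it once (in the constructor, or into a property on first use) would take repeated work off the query path and leave one place to validate the shape of `sql_query.`. Since `passthrough` decides whether the query goes straight to `parent::sql_query()`, writing the test as `if (!empty($globalConfig['sql_query.']['passthrough'])) {` would make the missing-key and failed-decode cases explicit. The rest of sql_query() lies outside the hunk.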
index 0c2e0df..c6ae97a 100644 (file)
@@ -79,7 +79,8 @@ class ConfigurationUtility implements \TYPO3\CMS\Core\SingletonInterface
     public function getCurrentConfiguration($extensionKey)
     {
         $mergedConfiguration = $this->getDefaultConfigurationFromExtConfTemplateAsValuedArray($extensionKey);
     public function getCurrentConfiguration($extensionKey)
     {
         $mergedConfiguration = $this->getDefaultConfigurationFromExtConfTemplateAsValuedArray($extensionKey);
-        $currentExtensionConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extensionKey]);
+        // No objects allowed in extConf at all - it is safe to deny that during unserialize()
+        $currentExtensionConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extensionKey], ['allowed_classes' => false]);
         $currentExtensionConfig = is_array($currentExtensionConfig) ? $currentExtensionConfig : array();
         $currentExtensionConfig = $this->convertNestedToValuedConfiguration($currentExtensionConfig);
         \TYPO3\CMS\Core\Utility\ArrayUtility::mergeRecursiveWithOverrule(
         $currentExtensionConfig = is_array($currentExtensionConfig) ? $currentExtensionConfig : array();
         $currentExtensionConfig = $this->convertNestedToValuedConfiguration($currentExtensionConfig);
         \TYPO3\CMS\Core\Utility\ArrayUtility::mergeRecursiveWithOverrule(
index f38c6bb..8ab4e25 100644 (file)
@@ -2,7 +2,7 @@
 defined('TYPO3_MODE') or die();
 
 // Register extension list update task
 defined('TYPO3_MODE') or die();
 
 // Register extension list update task
-$_EXTCONF = unserialize($_EXTCONF);
+$_EXTCONF = unserialize($_EXTCONF, ['allowed_classes' => false]);
 if (empty($_EXTCONF['offlineMode'])) {
     $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['scheduler']['tasks'][\TYPO3\CMS\Extensionmanager\Task\UpdateExtensionListTask::class] = array(
         'extension' => $_EXTKEY,
 if (empty($_EXTCONF['offlineMode'])) {
     $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['scheduler']['tasks'][\TYPO3\CMS\Extensionmanager\Task\UpdateExtensionListTask::class] = array(
         'extension' => $_EXTKEY,
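Review bot: If `$_EXTCONF` cannot be decoded, `unserialize()` returns `false`, `empty($_EXTCONF['offlineMode'])` is true, and the extension list update task is registered. An unreadable configuration therefore behaves as offline mode switched off. If that default is intended, a comment such as `// offlineMode defaults to off when the configuration is missing or unreadable` would record it. Otherwise an `is_array($_EXTCONF)` check before the `if` would let the code choose the default explicitly. The body of the `if` continues outside the hunk.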
index 859ea0f..d756173 100644 (file)
@@ -1,18 +1,14 @@
 <?php
 defined('TYPO3_MODE') or die();
 
 <?php
 defined('TYPO3_MODE') or die();
 
-call_user_func(
-    function ($extKey) {
-        $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extKey]);
-
-        if (isset($extConf['loadContentElementWizardTsConfig']) && (int)$extConf['loadContentElementWizardTsConfig'] === 0) {
-            // Add pageTSconfig
-            \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::registerPageTSConfigFile(
-                $extKey,
-                'Configuration/PageTSconfig/NewContentElementWizard.ts',
-                'Fluid-based Content Elements'
-            );
-        }
-    },
-    'fluid_styled_content'
-);
+call_user_func(function () {
+    $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['fluid_styled_content'], ['allowed_classes' => false]);
+    if (isset($extConf['loadContentElementWizardTsConfig']) && (int)$extConf['loadContentElementWizardTsConfig'] === 0) {
+        // Add pageTSconfig
+        \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::registerPageTSConfigFile(
+            'fluid_styled_content',
+            'Configuration/PageTSconfig/NewContentElementWizard.ts',
+            'Fluid-based Content Elements'
+        );
+    }
+});
index 272b8b7..7cca6ae 100644 (file)
@@ -8,24 +8,21 @@ $GLOBALS['TYPO3_CONF_VARS']['FE']['contentRenderingTemplates'][] = 'fluidstyledc
 $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['cms/layout/class.tx_cms_layout.php']['tt_content_drawItem']['textmedia'] = \TYPO3\CMS\FluidStyledContent\Hooks\TextmediaPreviewRenderer::class;
 
 if (TYPO3_MODE === 'BE') {
 $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['cms/layout/class.tx_cms_layout.php']['tt_content_drawItem']['textmedia'] = \TYPO3\CMS\FluidStyledContent\Hooks\TextmediaPreviewRenderer::class;
 
 if (TYPO3_MODE === 'BE') {
-    call_user_func(
-        function ($extKey) {
-            // Get the extension configuration
-            $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extKey]);
+    call_user_func(function () {
+        // Get the extension configuration
+        $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['fluid_styled_content'], ['allowed_classes' => false]);
 
 
-            if (!isset($extConf['loadContentElementWizardTsConfig']) || (int)$extConf['loadContentElementWizardTsConfig'] === 1) {
-                // Include new content elements to modWizards
-                \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addPageTSConfig('<INCLUDE_TYPOSCRIPT: source="FILE:EXT:fluid_styled_content/Configuration/PageTSconfig/NewContentElementWizard.ts">');
-            }
+        if (!isset($extConf['loadContentElementWizardTsConfig']) || (int)$extConf['loadContentElementWizardTsConfig'] === 1) {
+            // Include new content elements to modWizards
+            \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addPageTSConfig('<INCLUDE_TYPOSCRIPT: source="FILE:EXT:fluid_styled_content/Configuration/PageTSconfig/NewContentElementWizard.ts">');
+        }
 
 
-            $dispatcher = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class);
-            $dispatcher->connect(
-                \TYPO3\CMS\Extensionmanager\Controller\ConfigurationController::class,
-                'afterExtensionConfigurationWrite',
-                \TYPO3\CMS\FluidStyledContent\Hooks\TcaCacheClearing::class,
-                'clearTcaCache'
-            );
-        },
-        $_EXTKEY
-    );
+        $dispatcher = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class);
+        $dispatcher->connect(
+            \TYPO3\CMS\Extensionmanager\Controller\ConfigurationController::class,
+            'afterExtensionConfigurationWrite',
+            \TYPO3\CMS\FluidStyledContent\Hooks\TcaCacheClearing::class,
+            'clearTcaCache'
+        );
+    });
 }
 }
index 0330505..30643ff 100644 (file)
@@ -151,7 +151,7 @@ class AdministrationController extends ActionController
     public function initializeAction()
     {
         $this->pageUid = (int)GeneralUtility::_GET('id');
     public function initializeAction()
     {
         $this->pageUid = (int)GeneralUtility::_GET('id');
-        $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+        $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
         $this->enableMetaphoneSearch = (bool)$this->indexerConfig['enableMetaphoneSearch'];
         $this->indexer = GeneralUtility::makeInstance(Indexer::class);
 
         $this->enableMetaphoneSearch = (bool)$this->indexerConfig['enableMetaphoneSearch'];
         $this->indexer = GeneralUtility::makeInstance(Indexer::class);
 
index 2e75a46..671b010 100644 (file)
@@ -175,7 +175,7 @@ class SearchController extends \TYPO3\CMS\Extbase\Mvc\Controller\ActionControlle
             $searchData = array_merge($this->settings['defaultOptions'], $searchData);
         }
         // Indexer configuration from Extension Manager interface:
             $searchData = array_merge($this->settings['defaultOptions'], $searchData);
         }
         // Indexer configuration from Extension Manager interface:
-        $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+        $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
         $this->enableMetaphoneSearch = (bool)$this->indexerConfig['enableMetaphoneSearch'];
         $this->initializeExternalParsers();
         // If "_sections" is set, this value overrides any existing value.
         $this->enableMetaphoneSearch = (bool)$this->indexerConfig['enableMetaphoneSearch'];
         $this->initializeExternalParsers();
         // If "_sections" is set, this value overrides any existing value.
index 9cc7be2..87978ae 100644 (file)
@@ -76,7 +76,7 @@ class FileContentParser
     public function initParser($extension)
     {
         // Then read indexer-config and set if appropriate:
     public function initParser($extension)
     {
         // Then read indexer-config and set if appropriate:
-        $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+        $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
         // If windows, apply extension to tool name:
         $exe = TYPO3_OS == 'WIN' ? '.exe' : '';
         // lg
         // If windows, apply extension to tool name:
         $exe = TYPO3_OS == 'WIN' ? '.exe' : '';
         // lg
@@ -288,7 +288,7 @@ class FileContentParser
     public function searchTypeMediaTitle($extension)
     {
         // Read indexer-config
     public function searchTypeMediaTitle($extension)
     {
         // Read indexer-config
-        $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+        $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
         // Ignore extensions
         $ignoreExtensions = GeneralUtility::trimExplode(',', strtolower($indexerConfig['ignoreExtensions']), true);
         if (in_array($extension, $ignoreExtensions)) {
         // Ignore extensions
         $ignoreExtensions = GeneralUtility::trimExplode(',', strtolower($indexerConfig['ignoreExtensions']), true);
         if (in_array($extension, $ignoreExtensions)) {
index e4b0928..4749ed2 100644 (file)
@@ -251,7 +251,7 @@ class Indexer
     public function hook_indexContent(&$pObj)
     {
         // Indexer configuration from Extension Manager interface:
     public function hook_indexContent(&$pObj)
     {
         // Indexer configuration from Extension Manager interface:
-        $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+        $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
         // Crawler activation:
         // Requirements are that the crawler is loaded, a crawler session is running and re-indexing requested as processing instruction:
         if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('crawler') && $pObj->applicationData['tx_crawler']['running'] && in_array('tx_indexedsearch_reindex', $pObj->applicationData['tx_crawler']['parameters']['procInstructions'])) {
         // Crawler activation:
         // Requirements are that the crawler is loaded, a crawler session is running and re-indexing requested as processing instruction:
         if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('crawler') && $pObj->applicationData['tx_crawler']['running'] && in_array('tx_indexedsearch_reindex', $pObj->applicationData['tx_crawler']['parameters']['procInstructions'])) {
@@ -474,7 +474,7 @@ class Indexer
         // Setting phash / phash_grouping which identifies the indexed page based on some of these variables:
         $this->setT3Hashes();
         // Indexer configuration from Extension Manager interface:
         // Setting phash / phash_grouping which identifies the indexed page based on some of these variables:
         $this->setT3Hashes();
         // Indexer configuration from Extension Manager interface:
-        $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+        $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
         $this->tstamp_minAge = MathUtility::forceIntegerInRange($this->indexerConfig['minAge'] * 3600, 0);
         $this->tstamp_maxAge = MathUtility::forceIntegerInRange($this->indexerConfig['maxAge'] * 3600, 0);
         $this->maxExternalFiles = MathUtility::forceIntegerInRange($this->indexerConfig['maxExternalFiles'], 0, 1000, 5);
         $this->tstamp_minAge = MathUtility::forceIntegerInRange($this->indexerConfig['minAge'] * 3600, 0);
         $this->tstamp_maxAge = MathUtility::forceIntegerInRange($this->indexerConfig['maxAge'] * 3600, 0);
         $this->maxExternalFiles = MathUtility::forceIntegerInRange($this->indexerConfig['maxExternalFiles'], 0, 1000, 5);
index 20ece71..321ce16 100644 (file)
@@ -45,7 +45,7 @@ $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['indexed_search']['external_parsers'] = a
 );
 $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['indexed_search']['use_tables'] = 'index_phash,index_fulltext,index_rel,index_words,index_section,index_grlist,index_stat_search,index_stat_word,index_debug,index_config';
 // unserializing the configuration so we can use it here:
 );
 $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['indexed_search']['use_tables'] = 'index_phash,index_fulltext,index_rel,index_words,index_section,index_grlist,index_stat_search,index_stat_word,index_debug,index_config';
 // unserializing the configuration so we can use it here:
-$_EXTCONF = unserialize($_EXTCONF);
+$_EXTCONF = unserialize($_EXTCONF, ['allowed_classes' => false]);
 // Use the advanced doubleMetaphone parser instead of the internal one (usage of metaphone parsers is generally disabled by default)
 if (isset($_EXTCONF['enableMetaphoneSearch']) && (int)$_EXTCONF['enableMetaphoneSearch'] == 2) {
     $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['indexed_search']['metaphone'] = \TYPO3\CMS\IndexedSearch\Utility\DoubleMetaPhoneUtility::class;
 // Use the advanced doubleMetaphone parser instead of the internal one (usage of metaphone parsers is generally disabled by default)
 if (isset($_EXTCONF['enableMetaphoneSearch']) && (int)$_EXTCONF['enableMetaphoneSearch'] == 2) {
     $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['indexed_search']['metaphone'] = \TYPO3\CMS\IndexedSearch\Utility\DoubleMetaPhoneUtility::class;
index 5ac4ac8..03d8f6e 100755 (executable)
@@ -98,7 +98,6 @@ class SilentConfigurationUpgradeService
     {
         $this->generateEncryptionKeyIfNeeded();
         $this->configureBackendLoginSecurity();
     {
         $this->generateEncryptionKeyIfNeeded();
         $this->configureBackendLoginSecurity();
-        $this->configureSaltedPasswords();
         $this->migrateImageProcessorSetting();
         $this->transferHttpSettings();
         $this->disableImageMagickDetailSettingsIfImageMagickIsDisabled();
         $this->migrateImageProcessorSetting();
         $this->transferHttpSettings();
         $this->disableImageMagickDetailSettingsIfImageMagickIsDisabled();
@@ -155,43 +154,6 @@ class SilentConfigurationUpgradeService
     }
 
     /**
     }
 
     /**
-     * Check the settings for salted passwords extension to load it as a required extension.
-     * Unset obsolete configuration options if given.
-     *
-     * @return void
-     */
-    protected function configureSaltedPasswords()
-    {
-        $defaultConfiguration = $this->configurationManager->getDefaultConfiguration();
-        $defaultExtensionConfiguration = unserialize($defaultConfiguration['EXT']['extConf']['saltedpasswords']);
-        try {
-            $extensionConfiguration = @unserialize($this->configurationManager->getLocalConfigurationValueByPath('EXT/extConf/saltedpasswords'));
-        } catch (\RuntimeException $e) {
-            $extensionConfiguration = [];
-        }
-        if (is_array($extensionConfiguration) && !empty($extensionConfiguration)) {
-            if (isset($extensionConfiguration['BE.']['enabled'])) {
-                if ($extensionConfiguration['BE.']['enabled']) {
-                    unset($extensionConfiguration['BE.']['enabled']);
-                } else {
-                    $extensionConfiguration['BE.'] = $defaultExtensionConfiguration['BE.'];
-                }
-                $this->configurationManager->setLocalConfigurationValueByPath(
-                    'EXT/extConf/saltedpasswords',
-                    serialize($extensionConfiguration)
-                );
-                $this->throwRedirectException();
-            }
-        } else {
-            $this->configurationManager->setLocalConfigurationValueByPath(
-                'EXT/extConf/saltedpasswords',
-                serialize($defaultExtensionConfiguration)
-            );
-            $this->throwRedirectException();
-        }
-    }
-
-    /**
      * The encryption key is crucial for securing form tokens
      * and the whole TYPO3 link rendering later on. A random key is set here in
      * LocalConfiguration if it does not exist yet. This might possible happen
      * The encryption key is crucial for securing form tokens
      * and the whole TYPO3 link rendering later on. A random key is set here in
      * LocalConfiguration if it does not exist yet. This might possible happen
index 10bc680..359da5d 100644 (file)
@@ -190,141 +190,6 @@ class SilentConfigurationUpgradeServiceTest extends \TYPO3\CMS\Core\Tests\UnitTe
     /**
      * @test
      */
     /**
      * @test
      */
-    public function configureSaltedPasswordsWithDefaultConfiguration()
-    {
-        /** @var $silentConfigurationUpgradeServiceInstance SilentConfigurationUpgradeService|\PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface */
-        $silentConfigurationUpgradeServiceInstance = $this->getAccessibleMock(
-            SilentConfigurationUpgradeService::class,
-            array('dummy'),
-            array(),
-            '',
-            false
-        );
-        $config = 'a:2:{s:3:"BE.";a:3:{s:11:"forceSalted";i:0;s:15:"onlyAuthService";i:0;s:12:"updatePasswd";i:1;}s:3:"FE.";a:4:{s:7:"enabled";i:0;s:11:"forceSalted";i:0;s:15:"onlyAuthService";i:0;s:12:"updatePasswd";i:1;}}';
-        $defaultConfiguration = array();
-        $defaultConfiguration['EXT']['extConf']['saltedpasswords'] = $config;
-
-        $closure = function () {
-            throw new \RuntimeException('Path does not exist in array', 1341397869);
-        };
-
-        $this->createConfigurationManagerWithMockedMethods(
-            array(
-                'getDefaultConfiguration',
-                'getLocalConfigurationValueByPath',
-                'setLocalConfigurationValueByPath',
-            )
-        );
-        $this->configurationManager->expects($this->exactly(1))
-            ->method('getDefaultConfiguration')
-            ->will($this->returnValue($defaultConfiguration));
-        $this->configurationManager->expects($this->exactly(1))
-            ->method('getLocalConfigurationValueByPath')
-            ->will($this->returnCallback($closure));
-        $this->configurationManager->expects($this->once())
-            ->method('setLocalConfigurationValueByPath')
-            ->with($this->equalTo('EXT/extConf/saltedpasswords'), $this->equalTo($config));
-
-        $this->expectException(RedirectException::class);
-
-        $silentConfigurationUpgradeServiceInstance->_set('configurationManager', $this->configurationManager);
-
-        $silentConfigurationUpgradeServiceInstance->_call('configureSaltedPasswords');
-    }
-
-    /**
-     * @test
-     */
-    public function configureSaltedPasswordsWithExtensionConfigurationBeEnabled()
-    {
-        /** @var $silentConfigurationUpgradeServiceInstance SilentConfigurationUpgradeService|\PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface */
-        $silentConfigurationUpgradeServiceInstance = $this->getAccessibleMock(
-            SilentConfigurationUpgradeService::class,
-            array('dummy'),
-            array(),
-            '',
-            false
-        );
-        $config = 'a:2:{s:3:"BE.";a:1:{s:21:"saltedPWHashingMethod";}s:3:"FE.";a:2:{s:7:"enabled";i:0;s:11:"forceSalted";i:0;}}';
-        $defaultConfiguration = array();
-        $defaultConfiguration['EXT']['extConf']['saltedpasswords'] = $config;
-
-        $currentLocalConfiguration = array(
-            array('EXT/extConf/saltedpasswords', 'a:2:{s:3:"BE.";a:1:{s:7:"enabled";i:1;}s:3:"FE.";a:1:{s:7:"enabled";i:0;}}')
-        );
-        $newConfig = 'a:2:{s:3:"BE.";a:0:{}s:3:"FE.";a:1:{s:7:"enabled";i:0;}}';
-        $this->createConfigurationManagerWithMockedMethods(
-            array(
-                'getDefaultConfiguration',
-                'getLocalConfigurationValueByPath',
-                'setLocalConfigurationValueByPath',
-            )
-        );
-        $this->configurationManager->expects($this->exactly(1))
-            ->method('getDefaultConfiguration')
-            ->will($this->returnValue($defaultConfiguration));
-        $this->configurationManager->expects($this->exactly(1))
-            ->method('getLocalConfigurationValueByPath')
-            ->will($this->returnValueMap($currentLocalConfiguration));
-        $this->configurationManager->expects($this->once())
-            ->method('setLocalConfigurationValueByPath')
-            ->with($this->equalTo('EXT/extConf/saltedpasswords'), $this->equalTo($newConfig));
-
-        $this->expectException(RedirectException::class);
-
-        $silentConfigurationUpgradeServiceInstance->_set('configurationManager', $this->configurationManager);
-
-        $silentConfigurationUpgradeServiceInstance->_call('configureSaltedPasswords');
-    }
-
-    /**
-     * @test
-     */
-    public function configureSaltedPasswordsWithExtensionConfigurationBeNotEnabled()
-    {
-        /** @var $silentConfigurationUpgradeServiceInstance SilentConfigurationUpgradeService|\PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface */
-        $silentConfigurationUpgradeServiceInstance = $this->getAccessibleMock(
-            SilentConfigurationUpgradeService::class,
-            array('dummy'),
-            array(),
-            '',
-            false
-        );
-        $config = 'a:2:{s:3:"BE.";a:1:{s:15:"onlyAuthService";i:0;}s:3:"FE.";a:2:{s:7:"enabled";i:0;s:11:"forceSalted";i:0;}}';
-        $defaultConfiguration = array();
-        $defaultConfiguration['EXT']['extConf']['saltedpasswords'] = $config;
-
-        $currentLocalConfiguration = array(
-            array('EXT/extConf/saltedpasswords', 'a:2:{s:3:"BE.";a:2:{s:7:"enabled";i:0;s:12:"updatePasswd";i:1;}s:3:"FE.";a:1:{s:7:"enabled";i:0;}}')
-        );
-        $newConfig = 'a:2:{s:3:"BE.";a:1:{s:15:"onlyAuthService";i:0;}s:3:"FE.";a:1:{s:7:"enabled";i:0;}}';
-        $this->createConfigurationManagerWithMockedMethods(
-            array(
-                'getDefaultConfiguration',
-                'getLocalConfigurationValueByPath',
-                'setLocalConfigurationValueByPath',
-            )
-        );
-        $this->configurationManager->expects($this->exactly(1))
-            ->method('getDefaultConfiguration')
-            ->will($this->returnValue($defaultConfiguration));
-        $this->configurationManager->expects($this->exactly(1))
-            ->method('getLocalConfigurationValueByPath')
-            ->will($this->returnValueMap($currentLocalConfiguration));
-        $this->configurationManager->expects($this->once())
-            ->method('setLocalConfigurationValueByPath')
-            ->with($this->equalTo('EXT/extConf/saltedpasswords'), $this->equalTo($newConfig));
-
-        $this->expectException(RedirectException::class);
-
-        $silentConfigurationUpgradeServiceInstance->_set('configurationManager', $this->configurationManager);
-
-        $silentConfigurationUpgradeServiceInstance->_call('configureSaltedPasswords');
-    }
-
-    /**
-     * @test
-     */
     public function doNotGenerateEncryptionKeyIfExists()
     {
         /** @var $silentConfigurationUpgradeServiceInstance SilentConfigurationUpgradeService|\PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface */
     public function doNotGenerateEncryptionKeyIfExists()
     {
         /** @var $silentConfigurationUpgradeServiceInstance SilentConfigurationUpgradeService|\PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface */
@@ -711,4 +576,4 @@ class SilentConfigurationUpgradeServiceTest extends \TYPO3\CMS\Core\Tests\UnitTe
 
         $silentConfigurationUpgradeServiceInstance->_call('setImageMagickDetailSettings');
     }
 
         $silentConfigurationUpgradeServiceInstance->_call('setImageMagickDetailSettings');
     }
-}
+}
\ No newline at end of file
index 42ffba8..406e566 100644 (file)
@@ -54,7 +54,7 @@ class CommandLineBackend extends AbstractBackend
     {
         $this->opensslPath = CommandUtility::getCommand('openssl');
         // Get temporary directory from the configuration
     {
         $this->opensslPath = CommandUtility::getCommand('openssl');
         // Get temporary directory from the configuration
-        $extconf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth']);
+        $extconf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth'], ['allowed_classes' => false]);
         if (
             $extconf['temporaryDirectory'] !== ''
             && $extconf['temporaryDirectory'][0] === '/'
         if (
             $extconf['temporaryDirectory'] !== ''
             && $extconf['temporaryDirectory'][0] === '/'
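Review bot: `$extconf` is indexed as an array directly after the changed `unserialize()` call, but nothing checks that the call returned one. With `['allowed_classes' => false]` a serialized object is not rejected; it comes back as `__PHP_Incomplete_Class`, and a malformed or missing value gives `false`. Adding `if (!is_array($extconf)) { $extconf = []; }` after the call keeps the `temporaryDirectory` check on a known type. The same unchecked use follows the changed line in the BackendWarnings, ExtensionManagerConfigurationUtility, Scheduler and scheduler ext_localconf hunks. The enclosing method starts and ends outside this hunk.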
index ca45eeb..ecd7028 100644 (file)
@@ -34,7 +34,7 @@ class BackendWarnings
             $lang = $this->getLanguageService();
             $warnings['rsaauth_cmdline'] = $lang->sL('LLL:EXT:rsaauth/Resources/Private/Language/locallang.xlf:hook_using_cmdline');
             // Check the path
             $lang = $this->getLanguageService();
             $warnings['rsaauth_cmdline'] = $lang->sL('LLL:EXT:rsaauth/Resources/Private/Language/locallang.xlf:hook_using_cmdline');
             // Check the path
-            $extconf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth']);
+            $extconf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth'], ['allowed_classes' => false]);
             $path = trim($extconf['temporaryDirectory']);
             if ($path == '') {
                 // Path is empty
             $path = trim($extconf['temporaryDirectory']);
             if ($path == '') {
                 // Path is empty
index dfa1239..c97f4bf 100644 (file)
@@ -13,7 +13,7 @@ require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('rtehtm
 
 $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['rtehtmlarea']['version'] = $EM_CONF['rtehtmlarea']['version'];
 // Unserializing the configuration so we can use it here
 
 $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['rtehtmlarea']['version'] = $EM_CONF['rtehtmlarea']['version'];
 // Unserializing the configuration so we can use it here
-$_EXTCONF = unserialize($_EXTCONF);
+$_EXTCONF = unserialize($_EXTCONF, ['allowed_classes' => false]);
 
 // Add default RTE transformation configuration
 \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addPageTSConfig('<INCLUDE_TYPOSCRIPT: source="FILE:EXT:rtehtmlarea/Configuration/PageTSconfig/Proc/pageTSConfig.txt">');
 
 // Add default RTE transformation configuration
 \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addPageTSConfig('<INCLUDE_TYPOSCRIPT: source="FILE:EXT:rtehtmlarea/Configuration/PageTSconfig/Proc/pageTSConfig.txt">');
index 73de410..45a56e0 100755 (executable)
@@ -149,7 +149,7 @@ class ExtensionManagerConfigurationUtility
     private function init()
     {
         $requestSetup = $this->processPostData((array) $_REQUEST['data']);
     private function init()
     {
         $requestSetup = $this->processPostData((array) $_REQUEST['data']);
-        $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
+        $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'], ['allowed_classes' => false]);
         $this->extConf['BE'] = array_merge((array)$extConf['BE.'], (array)$requestSetup['BE.']);
         $this->extConf['FE'] = array_merge((array)$extConf['FE.'], (array)$requestSetup['FE.']);
         $this->getLanguageService()->includeLLFile('EXT:saltedpasswords/Resources/Private/Language/locallang.xlf');
         $this->extConf['BE'] = array_merge((array)$extConf['BE.'], (array)$requestSetup['BE.']);
         $this->extConf['FE'] = array_merge((array)$extConf['FE.'], (array)$requestSetup['FE.']);
         $this->getLanguageService()->includeLLFile('EXT:saltedpasswords/Resources/Private/Language/locallang.xlf');
index c80358c..2b656fa 100644 (file)
@@ -51,7 +51,7 @@ class SaltedPasswordsUtility
     {
         $currentConfiguration = self::returnExtConfDefaults();
         if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
     {
         $currentConfiguration = self::returnExtConfDefaults();
         if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
-            $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
+            $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'], ['allowed_classes' => false]);
             // Merge default configuration with modified configuration:
             if (isset($extensionConfiguration[$mode . '.'])) {
                 $currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$mode . '.']);
             // Merge default configuration with modified configuration:
             if (isset($extensionConfiguration[$mode . '.'])) {
                 $currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$mode . '.']);
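Review bot: The `isset($extensionConfiguration[$mode . '.'])` guard after the changed line tests presence only, so a scalar stored under that key is still passed to `array_merge()`. On PHP 7 that call warns and returns null for a non-array argument, which would replace the defaults from `returnExtConfDefaults()` with null. Checking the type in the guard, `if (is_array($extensionConfiguration[$mode . '.'] ?? null)) {`, keeps the defaults whenever the stored value is not the expected array. The enclosing method starts and ends outside this hunk, so how callers treat the returned configuration cannot be confirmed from here.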
index 925d221..84cb1a4 100644 (file)
@@ -38,7 +38,7 @@ class Scheduler implements \TYPO3\CMS\Core\SingletonInterface
     public function __construct()
     {
         // Get configuration from the extension manager
     public function __construct()
     {
         // Get configuration from the extension manager
-        $this->extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['scheduler']);
+        $this->extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['scheduler'], ['allowed_classes' => false]);
         if (empty($this->extConf['maxLifetime'])) {
             $this->extConf['maxLifetime'] = 1440;
         }
         if (empty($this->extConf['maxLifetime'])) {
             $this->extConf['maxLifetime'] = 1440;
         }
index 3bf20ed..ab11a96 100644 (file)
@@ -10,7 +10,7 @@ $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['cliKeys']['scheduler'] = ar
     '_CLI_scheduler'
 );
 // Get the extensions's configuration
     '_CLI_scheduler'
 );
 // Get the extensions's configuration
-$extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['scheduler']);
+$extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['scheduler'], ['allowed_classes' => false]);
 // If sample tasks should be shown,
 // register information for the test and sleep tasks
 if (!empty($extConf['showSampleTasks'])) {
 // If sample tasks should be shown,
 // register information for the test and sleep tasks
 if (!empty($extConf['showSampleTasks'])) {