[TASK] Trim submitted login-form-data before usage 43/35943/7
authorStefan Neufeind <typo3.neufeind@speedpartner.de>
Sat, 10 Jan 2015 01:06:05 +0000 (02:06 +0100)
committerMathias Schreiber <mathias.schreiber@wmdb.de>
Sun, 18 Jan 2015 10:45:01 +0000 (11:45 +0100)
Trimming form data prevents common errors caused by spaces,
tabs or line breaks copied into the form fields.

Change-Id: Id1ead90ef405c2c944f4c30e1e61e63597355b79
Resolves: #64229
Releases: master
Reviewed-on: http://review.typo3.org/35943
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Configuration/TCA/be_users.php
typo3/sysext/core/Documentation/Changelog/master/Breaking-64229-TrimSubmittedLoginFormData.rst [new file with mode: 0644]
typo3/sysext/frontend/Configuration/TCA/fe_users.php

index e663139..f4593fe 100644 (file)
@@ -1302,6 +1302,7 @@ abstract class AbstractUserAuthentication {
                if ($loginData['status'] === 'login') {
                        $loginData = $this->processLoginData($loginData);
                }
+               $loginData = array_map('trim', $loginData);
                return $loginData;
        }
 
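Review bot: `array_map('trim', $loginData)` on the added line assumes every element of `$loginData` is a string, but the array is presumably built from the submitted request above this hunk, so nothing visible here guarantees that. If a field arrives as an array, `trim()` receives a non-string argument on a pre-authentication code path and raises a warning or a type error, depending on the PHP version, instead of the login being rejected cleanly. Trimming only string values keeps the intended behaviour: `$loginData = array_map(function ($value) { return is_string($value) ? trim($value) : $value; }, $loginData);`. A one-line comment should also say that the call covers the password field as well as the username, and whether running it after `processLoginData()` is deliberate, because it changes which stored credentials still match. The method body starts outside the hunk.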
index 793303b..077afd3 100644 (file)
@@ -41,7 +41,7 @@ return array(
                                'type' => 'input',
                                'size' => '20',
                                'max' => '50',
-                               'eval' => 'nospace,lower,unique,required'
+                               'eval' => 'nospace,trim,lower,unique,required'
                        )
                ),
                'password' => array(
@@ -50,7 +50,7 @@ return array(
                                'type' => 'input',
                                'size' => '20',
                                'max' => '40',
-                               'eval' => 'required,md5,password'
+                               'eval' => 'trim,required,md5,password'
                        )
                ),
                'usergroup' => array(
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Breaking-64229-TrimSubmittedLoginFormData.rst b/typo3/sysext/core/Documentation/Changelog/master/Breaking-64229-TrimSubmittedLoginFormData.rst
new file mode 100644 (file)
index 0000000..f30066c
--- /dev/null
@@ -0,0 +1,30 @@
+==============================================================
+Breaking: #64229 - Trim submitted login-form-data before usage
+==============================================================
+
+Description
+===========
+
+Data submitted through the login-forms (frontend and backend) will now be trimmed before the login is performed.
+So now all fields (like username or password) with leading/following whitespaces will have those removed.
+Any whitespaces inside fields will however not be touched.
+
+
+Impact
+======
+
+Users that have had whitespaces at the beginning or end of their usernames or password will not be able to log in anymore.
+
+
+Affected installations
+======================
+
+Any installation relying on whitespaces at the beginning or end of either a username or a password.
+Please note that the TYPO3 backend didn't allow whitespaces for usernames in frontend or backend
+and only allowed whitespaces for passwords of backend users until now.
+
+
+Migration
+=========
+
+Update usernames/passwords.
index ace0c2a..a22433c 100644 (file)
@@ -30,7 +30,7 @@ return array(
                                'type' => 'input',
                                'size' => '20',
                                'max' => '255',
-                               'eval' => 'nospace,lower,uniqueInPid,required'
+                               'eval' => 'nospace,trim,lower,uniqueInPid,required'
                        )
                ),
                'password' => array(
@@ -39,7 +39,7 @@ return array(
                                'type' => 'input',
                                'size' => '10',
                                'max' => '40',
-                               'eval' => 'nospace,required,password'
+                               'eval' => 'nospace,trim,required,password'
                        )
                ),
                'usergroup' => array(