[BUGFIX] Fix cookie evaluation order 82/37282/2
authorHelmut Hummel <helmut.hummel@typo3.org>
Sun, 22 Feb 2015 08:11:06 +0000 (09:11 +0100)
committerMarkus Klein <klein.t3@reelworx.at>
Fri, 27 Feb 2015 18:28:26 +0000 (19:28 +0100)
The workaround added for IE8 in #22084 is no longer needed
and is removed without replacement.

This avoids problems with multiple cookies which might be sent
due to nested instances or due to moving an instance around in the
folder hierarchy.

Resolves: #65187
Releases: master, 6.2
Change-Id: I75c3ebcde62257cef91837bf1fc8272e2dd77eac
Reviewed-on: http://review.typo3.org/37282
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Tests/FunctionalTestCase.php

index 130fb9a..ed4414b 100644 (file)
@@ -587,32 +587,11 @@ abstract class AbstractUserAuthentication {
        /**
         * Get the value of a specified cookie.
         *
-        * Uses HTTP_COOKIE, if available, to avoid a IE8 bug where multiple
-        * cookies with the same name might be returned if the user accessed
-        * the site without "www." first and switched to "www." later:
-        * Cookie: fe_typo_user=AAA; fe_typo_user=BBB
-        * In this case PHP will set _COOKIE as the first cookie, when we
-        * would need the last one (which is what this function then returns).
-        *
         * @param string $cookieName The cookie ID
         * @return string The value stored in the cookie
         */
        protected function getCookie($cookieName) {
-               $cookieValue = '';
-               if (isset($_SERVER['HTTP_COOKIE'])) {
-                       $cookies = GeneralUtility::trimExplode(';', $_SERVER['HTTP_COOKIE']);
-                       foreach ($cookies as $cookie) {
-                               list($name, $value) = GeneralUtility::trimExplode('=', $cookie);
-                               if (trim($name) === (string)$cookieName) {
-                                       // Use the last one
-                                       $cookieValue = urldecode($value);
-                               }
-                       }
-               } else {
-                       // Fallback if there is no HTTP_COOKIE, use original method:
-                       $cookieValue = isset($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';
-               }
-               return $cookieValue;
+               return isset($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';
        }
 
        /**
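Review bot: The new one-line body of getCookie() hands `$_COOKIE[$cookieName]` to stripslashes() without checking that it is a string. PHP stores an array under that key when the client sends the cookie name in bracket form, so a crafted request can make the method emit a warning and return a non-string where callers expect a session id. A guard keeps the documented `@return string` contract: `$value = isset($_COOKIE[$cookieName]) ? $_COOKIE[$cookieName] : '';` followed by `return is_string($value) ? stripslashes($value) : '';`. It is also worth confirming that stripslashes() is still needed on the supported PHP versions, since without magic quotes it alters any value that contains a backslash. The shortened docblock could state that when several cookies share the name, the first one sent is used, as that is the behaviour this commit now relies on.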
index ba81fb1..8cf4691 100644 (file)
@@ -210,12 +210,12 @@ abstract class FunctionalTestCase extends BaseTestCase {
        protected function setUpBackendUserFromFixture($userUid) {
                $this->importDataSet(ORIGINAL_ROOT . 'typo3/sysext/core/Tests/Functional/Fixtures/be_users.xml');
                $database = $this->getDatabaseConnection();
-               $userRow = $database->exec_SELECTgetSingleRow('*', 'be_users', 'uid = ' . $userUid);
+               $userRow = $database->exec_SELECTgetSingleRow('*', 'be_users', 'uid = ' . (int)$userUid);
 
                /** @var $backendUser \TYPO3\CMS\Core\Authentication\BackendUserAuthentication */
                $backendUser = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Authentication\\BackendUserAuthentication');
                $sessionId = $backendUser->createSessionId();
-               $_SERVER['HTTP_COOKIE'] = 'be_typo_user=' . $sessionId . '; path=/';
+               $_COOKIE['be_typo_user'] = $sessionId;
                $backendUser->id = $sessionId;
                $backendUser->sendNoCacheHeaders = FALSE;
                $backendUser->dontSetCookie = TRUE;
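Review bot: The added line `$_COOKIE['be_typo_user'] = $sessionId;` writes a valid backend session id into a superglobal, and no cleanup is visible in this hunk. Unless the test runner backs up and restores globals, a later test in the same process would still see that cookie, so an `unset($_COOKIE['be_typo_user']);` in the test case's teardown would make the isolation explicit. The cookie name is also hard-coded here, so the fixture would silently stop authenticating if the configured backend cookie name differs; taking the name from the authentication object would avoid that. The body of setUpBackendUserFromFixture() continues past the end of the hunk, so the rest of the setup could not be checked.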