[BUGFIX] Various PHP Warnings with invalid credentials 26/27126/5
authorXavier Perseguers <xavier@typo3.org>
Wed, 29 Jan 2014 13:54:37 +0000 (14:54 +0100)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Sun, 2 Feb 2014 19:21:59 +0000 (20:21 +0100)
When invalid credentials are entered in the Backend login form, various
PHP warnings are raised such as

    PHP Warning: Illegal string offset 'uid'

because $user is not an array.

Resolves: #55434
Releases: 6.2, 6.1
Change-Id: I62b85816ce04720ed9fd236965c3a6f55effd093
Reviewed-on: https://review.typo3.org/27126
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/backend/Classes/Controller/LoginController.php
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php

index dfff2b5..da3ff12 100644 (file)
@@ -180,7 +180,7 @@ class LoginController {
                $preferredBrowserLanguage = $GLOBALS['LANG']->csConvObj->getPreferredClientLanguage(GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE'));
                // If we found a $preferredBrowserLanguage and it is not the default language and no be_user is logged in
                // initialize $GLOBALS['LANG'] again with $preferredBrowserLanguage
-               if ($preferredBrowserLanguage != 'default' && !$GLOBALS['BE_USER']->user['uid']) {
+               if ($preferredBrowserLanguage !== 'default' && empty($GLOBALS['BE_USER']->user['uid'])) {
                        $GLOBALS['LANG']->init($preferredBrowserLanguage);
                }
                $GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_login.xlf');
@@ -219,7 +219,7 @@ class LoginController {
                // Initialize interface selectors:
                $this->makeInterfaceSelectorBox();
                // Creating form based on whether there is a login or not:
-               if (!$GLOBALS['BE_USER']->user['uid']) {
+               if (empty($GLOBALS['BE_USER']->user['uid'])) {
                        $GLOBALS['TBE_TEMPLATE']->form = $this->startForm();
                        $loginForm = $this->makeLoginForm();
                } else {
@@ -378,7 +378,7 @@ class LoginController {
        public function checkRedirect() {
                // Do redirect:
                // If a user is logged in AND a) if either the login is just done (isLoginInProgress) or b) a loginRefresh is done or c) the interface-selector is NOT enabled (If it is on the other hand, it should not just load an interface, because people has to choose then...)
-               if ($GLOBALS['BE_USER']->user['uid'] && ($this->isLoginInProgress() || $this->loginRefresh || !$this->interfaceSelector)) {
+               if (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->interfaceSelector)) {
                        // If no cookie has been set previously we tell people that this is a problem. This assumes that a cookie-setting script (like this one) has been hit at least once prior to this instance.
                        if (!$_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()]) {
                                if ($this->commandLI == 'setCookie') {
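Review bot: The cookie test two lines below the changed condition in checkRedirect() still reads an array index without a guard: `!$_COOKIE[...getCookieName()]` raises an undefined-index notice whenever the cookie is absent, which is the very case that branch exists to handle. Since this commit is about removing PHP warnings from the login path, the same treatment fits here: `if (empty($_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()])) {`. The body of checkRedirect() continues outside the hunk.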
@@ -428,7 +428,7 @@ class LoginController {
                                        }
                                ');
                        }
-               } elseif (!$GLOBALS['BE_USER']->user['uid'] && $this->isLoginInProgress()) {
+               } elseif (empty($GLOBALS['BE_USER']->user['uid']) && $this->isLoginInProgress()) {
                        // Wrong password, wait for 5 seconds
                        sleep(5);
                }
index 4ffef8f..e2feab1 100644 (file)
@@ -363,7 +363,7 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
         * @todo Define visibility
         */
        public function isAdmin() {
-               return ($this->user['admin'] & 1) == 1;
+               return is_array($this->user) && ($this->user['admin'] & 1) == 1;
        }
 
        /**
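Review bot: isAdmin() now returns FALSE when `$this->user` is not an array, and the docblock should state that, since the method name suggests callers rely on it for privilege decisions. The docblock starts above the hunk; I would add a sentence such as `Returns FALSE if no backend user record is loaded (e.g. after a failed login).` to its description. An array that lacks the 'admin' key would still raise a notice, though that is presumably not reachable with a real user row.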
@@ -1554,7 +1554,7 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                                }
 
                                // Mount group home-dirs
-                               if (($this->user['options'] & 2) == 2 && $GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'] != '') {
+                               if ((is_array($this->user) && $this->user['options'] & 2) == 2 && $GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'] != '') {
                                        // If groupHomePath is set, we attempt to mount it
                                        list($groupHomeStorageUid, $groupHomeFilter) = explode(':', $GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'], 2);
                                        $groupHomeStorageUid = (int)$groupHomeStorageUid;
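Review bot: The parenthesis in the new group-home condition is misplaced: `(is_array($this->user) && $this->user['options'] & 2) == 2` evaluates the `&&` first and then compares the resulting boolean with 2. PHP's loose `==` converts the 2 to TRUE, so the test still passes when the bit is set, but only by accident, and it would never pass if the comparison were tightened to `===`. Because this flag decides whether a group home directory is mounted for the user, the guard should be explicit, in the same form as isAdmin(): `if (is_array($this->user) && ($this->user['options'] & 2) == 2 && $GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'] != '') {`. The enclosing method starts and ends outside the hunk.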
@@ -2211,7 +2211,7 @@ This is a dump of the failures:
         * @todo Define visibility
         */
        public function backendCheckLogin() {
-               if (!$this->user['uid']) {
+               if (empty($this->user['uid'])) {
                        if (!defined('TYPO3_PROCEED_IF_NO_USER') || !TYPO3_PROCEED_IF_NO_USER) {
                                \TYPO3\CMS\Core\Utility\HttpUtility::redirect($GLOBALS['BACK_PATH']);
                        }