[BUGFIX] BE User module allows switching to CLI users
authorAndreas Wolf <andreas.wolf@ikt-werk.de>
Fri, 8 Jul 2011 22:34:15 +0000 (00:34 +0200)
committerAndreas Wolf <andreas.wolf@ikt-werk.de>
Fri, 8 Jul 2011 23:30:58 +0000 (01:30 +0200)
The backend user module shows two icons to switch to a given user (with
and without possibility to go back). This is also enabled for CLI users,
which can effectively render the session unusable.

This patch removes the icons if the username starts with _cli_.

Change-Id: Ic99e0ef0bacc6092f0073b5be28b4755e652bbc2
Resolves: #28008
Releases: 4.5, 4.6
Reviewed-on: http://review.typo3.org/3162
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch
Reviewed-by: Andreas Wolf
Tested-by: Andreas Wolf
typo3/sysext/beuser/mod/index.php

index 2bf3749..addc8b0 100755 (executable)
@@ -1337,7 +1337,7 @@ class SC_mod_tools_be_user_index {
                                        $uItem = '<tr><td width="130">' . t3lib_iconWorks::getSpriteIconForRecord('be_users',$uDat,array('title'=> $uDat['uid'] )) . $this->linkUser($uDat['username'],$uDat) . '&nbsp;&nbsp;</td><td nowrap="nowrap">' . $this->elementLinks('be_users',$uDat);
                                        if ($curUid != $uDat['uid'] && !$uDat['disable'] && ($uDat['starttime'] == 0 ||
                                                $uDat['starttime'] < $GLOBALS['EXEC_TIME']) && ($uDat['endtime'] == 0 ||
-                                               $uDat['endtime'] > $GLOBALS['EXEC_TIME'])) {
+                                               $uDat['endtime'] > $GLOBALS['EXEC_TIME']) && (substr($uDat['username'], 0, 5) !== '_cli_')) {
                                                $uItem .= '<a href="' . t3lib_div::linkThisScript(array('SwitchUser'=>$uDat['uid'])) . '" target="_top" title="' . htmlspecialchars($GLOBALS['LANG']->getLL('switchUserTo', TRUE) . ' ' . $uDat['username']) . ' ' . $GLOBALS['LANG']->getLL('changeToMode', TRUE) . '">' .
                                                                t3lib_iconWorks::getSpriteIcon('actions-system-backend-user-switch') .
                                                        '</a>'.