[BUGFIX] Fix cookie evaluation order 30/37030/6
authorHelmut Hummel <helmut.hummel@typo3.org>
Sun, 22 Feb 2015 08:11:06 +0000 (09:11 +0100)
committerMarkus Klein <klein.t3@reelworx.at>
Thu, 26 Feb 2015 16:27:17 +0000 (17:27 +0100)
The workaround added for IE8 in #22084 is no longer needed
and is removed without substitution.

This avoids problems with multiple cookies which might be sent
due to nested instances or due to moving an instance around in the
folder hierarchy.

Resolves: #65187
Releases: master, 6.2
Change-Id: I75c3ebcde62257cef91837bf1fc8272e2dd77eac
Reviewed-on: http://review.typo3.org/37030
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Tests/FunctionalTestCase.php

index 16a1d9e..eb1bdc5 100644 (file)
@@ -533,32 +533,11 @@ abstract class AbstractUserAuthentication {
        /**
         * Get the value of a specified cookie.
         *
-        * Uses HTTP_COOKIE, if available, to avoid a IE8 bug where multiple
-        * cookies with the same name might be returned if the user accessed
-        * the site without "www." first and switched to "www." later:
-        * Cookie: fe_typo_user=AAA; fe_typo_user=BBB
-        * In this case PHP will set _COOKIE as the first cookie, when we
-        * would need the last one (which is what this function then returns).
-        *
         * @param string $cookieName The cookie ID
         * @return string The value stored in the cookie
         */
        protected function getCookie($cookieName) {
-               $cookieValue = '';
-               if (isset($_SERVER['HTTP_COOKIE'])) {
-                       $cookies = GeneralUtility::trimExplode(';', $_SERVER['HTTP_COOKIE']);
-                       foreach ($cookies as $cookie) {
-                               list($name, $value) = GeneralUtility::trimExplode('=', $cookie);
-                               if (trim($name) === (string)$cookieName) {
-                                       // Use the last one
-                                       $cookieValue = urldecode($value);
-                               }
-                       }
-               } else {
-                       // Fallback if there is no HTTP_COOKIE, use original method:
-                       $cookieValue = isset($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';
-               }
-               return $cookieValue;
+               return isset($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';
        }
 
        /**
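Review bot: `getCookie()` now passes `$_COOKIE[$cookieName]` straight to `stripslashes()`, but when a client sends the cookie name with PHP's bracket syntax, PHP fills that entry with an array rather than a string. The removed header parser always produced a string, so this case is new with the change and the result no longer matches the documented `@return string`. A type guard keeps the contract: `return isset($_COOKIE[$cookieName]) && is_string($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';`. The docblock should also say that when the same name is sent more than once, the value PHP placed in `$_COOKIE` is the one used, since the deleted paragraph was the only place that documented duplicate handling.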
index d1e89bf..34e8535 100644 (file)
@@ -210,12 +210,12 @@ abstract class FunctionalTestCase extends BaseTestCase {
        protected function setUpBackendUserFromFixture($userUid) {
                $this->importDataSet(ORIGINAL_ROOT . 'typo3/sysext/core/Tests/Functional/Fixtures/be_users.xml');
                $database = $this->getDatabaseConnection();
-               $userRow = $database->exec_SELECTgetSingleRow('*', 'be_users', 'uid = ' . $userUid);
+               $userRow = $database->exec_SELECTgetSingleRow('*', 'be_users', 'uid = ' . (int)$userUid);
 
                /** @var $backendUser \TYPO3\CMS\Core\Authentication\BackendUserAuthentication */
                $backendUser = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class);
                $sessionId = $backendUser->createSessionId();
-               $_SERVER['HTTP_COOKIE'] = 'be_typo_user=' . $sessionId . '; path=/';
+               $_COOKIE['be_typo_user'] = $sessionId;
                $backendUser->id = $sessionId;
                $backendUser->sendNoCacheHeaders = FALSE;
                $backendUser->dontSetCookie = TRUE;
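Review bot: The assignment `$_COOKIE['be_typo_user'] = $sessionId;` writes to a superglobal that nothing in this hunk restores, so the session id may remain visible to later tests in the same process unless teardown (not shown here) clears it. Consider `unset($_COOKIE['be_typo_user']);` in the test case's teardown, and a why-comment above the assignment such as `// getCookie() reads $_COOKIE, so seed the session id there`. The body of setUpBackendUserFromFixture() continues past the end of the hunk.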