[BUGFIX] Don't save form protection error messages in session
authorHelmut Hummel <helmut.hummel@typo3.org>
Sun, 25 Sep 2011 14:52:53 +0000 (16:52 +0200)
committerGeorg Ringer <mail@ringerge.org>
Tue, 7 Feb 2012 07:27:59 +0000 (08:27 +0100)
Do not persist flash messages in the session if we are in an Ajax context
because then the flash message is rendered out of context the next time
the flash message queue is flushed.

Change-Id: Id47b11b661264ebac37922c3356b64cbde8516c3
Resolves: #30272
Releases: 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/5327
Reviewed-by: Oliver Klee
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php
tests/t3lib/formprotection/class.t3lib_formprotection_BackendFormProtectionTest.php

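--- a/t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php
+++ b/t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php
@@ -130,7 +130,8 @@ class t3lib_formprotection_BackendFormProtection extends t3lib_formprotection_Ab
                        ),
                        '',
                        t3lib_FlashMessage::ERROR,
-                       TRUE
+                               // Do not save error message in session if we are in an Ajax action
+                       !(isset($GLOBALS['TYPO3_AJAX']) && $GLOBALS['TYPO3_AJAX'] === TRUE)
                );
                t3lib_FlashMessageQueue::addMessage($message);
        }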
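Review bot: With the new last argument of the flash message creation, a failed form-token check during an Ajax call leaves its error only in the request-local queue, and nothing in this hunk shows that the Ajax response renders or logs it, so the rejection may become invisible to the user and to anyone reviewing token failures. It is worth confirming that the Ajax dispatcher outputs the queue, or logging the failure where the message is created. The flag test is also strict (`=== TRUE`), so any entry point that sets `$GLOBALS['TYPO3_AJAX']` to another truthy value would still persist the message; whether such an entry point exists is not visible here. For readability I would name the condition, `$isAjaxCall = isset($GLOBALS['TYPO3_AJAX']) && $GLOBALS['TYPO3_AJAX'] === TRUE;`, and pass `!$isAjaxCall`, which also moves the mis-indented comment out of the argument list. The enclosing method starts above the hunk.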
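--- a/tests/t3lib/formprotection/class.t3lib_formprotection_BackendFormProtectionTest.php
+++ b/tests/t3lib/formprotection/class.t3lib_formprotection_BackendFormProtectionTest.php
  */
 class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase {
        /**
-        * a backup of the current BE user
+        * Enable backup of global and system variables
         *
-        * @var t3lib_beUserAuth
+        * @var boolean
         */
-       private $backEndUserBackup = NULL;
+       protected $backupGlobals = TRUE;
+
+       /**
+        * Exclude TYPO3_DB from backup/ restore of $GLOBALS
+        * because resource types cannot be handled during serializing
+        *
+        * @var array
+        */
+       protected $backupGlobalsBlacklist = array('TYPO3_DB');
+
 
        /**
         * @var t3lib_formprotection_BackendFormProtection
@@ -44,7 +53,6 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
        private $fixture;
 
        public function setUp() {
-               $this->backEndUserBackup = $GLOBALS['BE_USER'];
                $GLOBALS['BE_USER'] = $this->getMock(
                        't3lib_beUserAuth',
                        array('getSessionData', 'setAndSaveSessionData')
@@ -58,9 +66,6 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
        public function tearDown() {
                $this->fixture->__destruct();
                unset($this->fixture);
-
-               $GLOBALS['BE_USER'] = $this->backEndUserBackup;
-
                t3lib_FlashMessageQueue::getAllMessagesAndFlush();
        }
 
@@ -228,6 +233,27 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
                $this->fixture->createValidationErrorMessage();
 
                $messages = t3lib_FlashMessageQueue::getAllMessagesAndFlush();
+
+               $this->assertNotEmpty($messages);
+               $this->assertContains(
+                       $GLOBALS['LANG']->sL(
+                               'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'
+                       ),
+                       $messages[0]->render()
+               );
+       }
+
+       /**
+        * @test
+        */
+       public function createValidationErrorMessageAddsErrorFlashMessageButNotInSessionInAjaxRequest() {
+               $GLOBALS['BE_USER'] = $this->createBackendUserSessionStorageStub();
+               $GLOBALS['TYPO3_AJAX'] = TRUE;
+               $this->fixture->createValidationErrorMessage();
+
+               $messages = t3lib_FlashMessageQueue::$messages;
+
+               $this->assertNotEmpty($messages);
                $this->assertContains(
                        $GLOBALS['LANG']->sL(
                                'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'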
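Review bot: In `createValidationErrorMessageAddsErrorFlashMessageButNotInSessionInAjaxRequest` the "not in session" half of the name is never asserted directly: the test only checks that `t3lib_FlashMessageQueue::$messages` is non-empty and contains the token-invalid text, which proves the point only if the queue keeps session messages somewhere else (its implementation is not visible here). I would add a comment above the read, for example `// Session messages are not held in ::$messages, so a non-empty array shows the message was not persisted`, or put an explicit expectation on the session stub. Reading the static property directly also couples the test to the queue's internals, so a later refactoring of the queue could make this security-relevant check pass or fail for the wrong reason. The test body continues into the trailing context lines beyond what the hunk shows.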