Fixed bug #17173: CSRF: In the user settings module, saving form data is not possible...
authorErnesto Baschny <ernst@cron-it.de>
Fri, 21 Jan 2011 18:13:13 +0000 (18:13 +0000)
committerErnesto Baschny <ernst@cron-it.de>
Fri, 21 Jan 2011 18:13:13 +0000 (18:13 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@10221 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php
typo3/sysext/setup/mod/index.php

index 877fbba..6f8d0f6 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,7 @@
 
 2011-01-21  Ernesto Baschny  <ernst@cron-it.de>
 
+       * Fixed bug #17173: CSRF: In the user settings module, saving form data is not possible if simulate user option is used (Thanks to Helmut Hummel)
        * Follow-up to issue #16878: Keep t3lib_utility_Client::getBrowserInfo backwards compatible, deprecate 'system' and only use 'all_systems' from now on
        * Fixed bug #16994: ExtDirect in frontend generates php warnings (Thanks to Stefan Galinski)
        * Fixed issue #17198: Introduce setting "defaultMailFromName" and move defaultMailFromAddress to [MAIL] section (Thanks to Jigal van Hemert)
index 3f5dc4d..c5b9b39 100644 (file)
@@ -116,6 +116,14 @@ class t3lib_formprotection_BackendFormProtection extends t3lib_formprotection_Ab
        protected $maximumNumberOfTokens = 20000;
 
        /**
+        * Keeps the instance of the user which existed during creation
+        * of the object.
+        *
+        * @var t3lib_beUserAuth
+        */
+       protected $backendUser;
+
+       /**
         * Only allow construction if we have a backend session
         */
        public function __construct() {
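Review bot: The new `$backendUser` docblock says what is stored but not why, and the why is the whole point of this fix: the token store must read from and persist to the session of the real backend user rather than the one substituted later by the simulate-user feature. Suggested wording for the property comment: ` * Keeps the backend user that existed when this object was created, so that CSRF tokens are retrieved from and persisted to the real user's session even after the simulate-user feature has replaced $GLOBALS['BE_USER'].` The constructor whose signature closes this hunk continues outside it.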
@@ -126,6 +134,7 @@ class t3lib_formprotection_BackendFormProtection extends t3lib_formprotection_Ab
                                1285067843
                        );
                }
+               $this->backendUser = $GLOBALS['BE_USER'];
                parent::__construct();
        }
 
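Review bot: Capturing `$GLOBALS['BE_USER']` on the added line isolates the token store from the simulated user only if the simulate-user code replaces the global with a new object rather than mutating the existing object in place; the commit relies on that behaviour without stating it anywhere. The session check that throws (exception 1285067843, visible at the top of the hunk) runs before the assignment, which is the right order, but its condition lies outside this hunk so I cannot confirm that a non-object value is rejected before being stored. A short comment on the added line would make the dependency explicit: `// Capture now: a simulated user may replace $GLOBALS['BE_USER'] later in the request.`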
@@ -155,7 +164,7 @@ class t3lib_formprotection_BackendFormProtection extends t3lib_formprotection_Ab
         *               the saved tokens as, will be empty if no tokens have been saved
         */
        protected function retrieveTokens() {
-               $tokens = $GLOBALS['BE_USER']->getSessionData('formTokens');
+               $tokens = $this->backendUser->getSessionData('formTokens');
                if (!is_array($tokens)) {
                        $tokens = array();
                }
@@ -170,7 +179,7 @@ class t3lib_formprotection_BackendFormProtection extends t3lib_formprotection_Ab
         * @return void
         */
        public function persistTokens() {
-               $GLOBALS['BE_USER']->setAndSaveSessionData('formTokens', $this->tokens);
+               $this->backendUser->setAndSaveSessionData('formTokens', $this->tokens);
        }
 }
 
index 390a04c..4730660 100755 (executable)
@@ -121,6 +121,12 @@ class SC_mod_user_setup_index {
        protected $installToolFileExists = FALSE;
        protected $installToolFileKeep = FALSE;
 
+       /**
+        * Form protection instance
+        *
+        * @var t3lib_formprotection_BackendFormProtection
+        */
+       protected $formProtection;
 
        /******************************
         *
@@ -128,6 +134,23 @@ class SC_mod_user_setup_index {
         *
         ******************************/
 
+
+       /**
+        * Instanciate the form protection before a simulated user is initialized.
+        */
+       public function __construct() {
+               $this->formProtection = t3lib_formProtection_Factory::get(
+                       't3lib_formprotection_BackendFormProtection'
+               );
+       }
+
+       /**
+        * Getter for the form protection instance.
+        */
+       public function getFormProtection() {
+               return $this->formProtection;
+       }
+
        /**
         * If settings are submitted to _POST[DATA], store them
         * NOTICE: This method is called before the template.php is included. See
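Review bot: `getFormProtection()` has no `@return` tag and the constructor docblock misspells "Instanciate"; suggest ` * Instantiate the form protection before a simulated user is initialized, so that its tokens stay bound to the real user's session.` for the constructor and ` * @return t3lib_formprotection_BackendFormProtection` on the getter. The approach is only correct if this constructor runs before whatever initializes the simulated user (presumably `init()`, which is outside this hunk), and nothing in the code states that ordering requirement, so a one-line comment in the constructor naming it would protect the fix against a later refactor. The extra blank line added before the constructor's docblock leaves two empty lines in a row and can be dropped.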
@@ -144,10 +167,7 @@ class SC_mod_user_setup_index {
                $storeRec = array();
                $fieldList = $this->getFieldsFromShowItem();
 
-               $formProtection = t3lib_formProtection_Factory::get(
-                       't3lib_formprotection_BackendFormProtection'
-               );
-               if (is_array($d) && $formProtection->validateToken(
+               if (is_array($d) && $this->formProtection->validateToken(
                                (string) t3lib_div::_POST('formToken'),
                                'BE user setup', 'edit'
                        )
@@ -443,10 +463,7 @@ class SC_mod_user_setup_index {
 
                $this->content .= $this->doc->spacer(20) . $this->doc->getDynTabMenu($menuItems, 'user-setup', FALSE, FALSE, 0, 1, FALSE, 1, $this->dividers2tabs);
 
-               $formProtection = t3lib_formProtection_Factory::get(
-                       't3lib_formprotection_BackendFormProtection'
-               );
-               $formToken = $formProtection->generateToken('BE user setup', 'edit');
+               $formToken = $this->formProtection->generateToken('BE user setup', 'edit');
 
                        // Submit and reset buttons
                $this->content .= $this->doc->spacer(20);
@@ -998,6 +1015,5 @@ $SOBE->init();
 $SOBE->main();
 $SOBE->printContent();
 
-t3lib_formProtection_Factory::get('t3lib_formprotection_BackendFormProtection')
-       ->persistTokens();
+$SOBE->getFormProtection()->persistTokens();
 ?>