[BUGFIX] Wrong eID should throw exception 85/33985/4
authorFrederic Gaus <gaus@flagbit.de>
Tue, 11 Nov 2014 15:11:55 +0000 (16:11 +0100)
committerHelmut Hummel <helmut.hummel@typo3.org>
Sun, 30 Nov 2014 17:24:00 +0000 (18:24 +0100)
This patch changes the behavior of the bootstrap process. An
exception is now thrown when a request with an unknown eID is made.

Previously, the system simply died.

Resolves: #62857
Releases: master
Change-Id: I600e0d69619d14729235aed7b43393202efc5f98
Reviewed-on: http://review.typo3.org/33985
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
typo3/sysext/frontend/Classes/FrontendRequestHandler.php
typo3/sysext/frontend/Classes/Utility/EidUtility.php

index 8567f3b..1fe7175 100644 (file)
@@ -13,6 +13,8 @@ namespace TYPO3\CMS\Frontend;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Frontend\Utility\EidUtility;
+
 /**
  * This is the MAIN DOCUMENT of the TypoScript driven standard front-end
  *
@@ -57,13 +59,12 @@ class FrontendRequestHandler {
                        unset($hookParameters);
                }
                // Look for extension ID which will launch alternative output engine
-               if ($temp_extId = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('eID')) {
-                       if ($classPath = \TYPO3\CMS\Core\Utility\GeneralUtility::getFileAbsFileName($GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include'][$temp_extId])) {
-                               // Remove any output produced until now
-                               ob_clean();
-                               require $classPath;
-                       }
-                       die;
+               if (EidUtility::isEidRequest()) {
+                       // Remove any output produced until now
+                       ob_clean();
+                       require EidUtility::getEidScriptPath();
+                       \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->shutdown();
+                       exit;
                }
 
                /** @var $GLOBALS['TSFE'] \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController */
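Review bot: The `require EidUtility::getEidScriptPath();` line has no visible handling for the exceptions that method throws, and the eID value comes straight from the request, so any client can reach the throw by sending an unregistered eID. How that surfaces (status code, and whether the message naming `$GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include']` is displayed) depends on the exception handler configured outside this hunk. It is worth confirming that production settings answer with a generic error rather than the message or a trace. A short comment above the call would record the intent, e.g. `// eID is request input; getEidScriptPath() throws for ids not registered in eID_include`. The enclosing method starts and ends outside the hunk.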
@@ -286,4 +287,4 @@ class FrontendRequestHandler {
                }
                \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->shutdown();
        }
-}
\ No newline at end of file
+}
index e76375b..83a97e7 100644 (file)
@@ -13,6 +13,7 @@ namespace TYPO3\CMS\Frontend\Utility;
  *
  * The TYPO3 project - inspiring people to share!
  */
+use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 /**
  * Tools for scripts using the eID feature of index.php
@@ -29,6 +30,33 @@ namespace TYPO3\CMS\Frontend\Utility;
 class EidUtility {
 
        /**
+        * Returns true if within an eID-request. False if not.
+        *
+        * @return bool
+        */
+       static public function isEidRequest() {
+               return GeneralUtility::_GP('eID') ? TRUE : FALSE;
+       }
+
+       /**
+        * Returns the script path associated with the requested eID identifier.
+        *
+        * @return string eID associated script path
+        * @throws \TYPO3\CMS\Core\Exception
+        */
+       static public function getEidScriptPath() {
+               $eID = GeneralUtility::_GP('eID');
+               if (!$eID || !isset($GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include'][$eID])) {
+                       throw new \TYPO3\CMS\Core\Exception('eID not registered in $GLOBALS[\'TYPO3_CONF_VARS\'][\'FE\'][\'eID_include\'].', 1415714161);
+               }
+               $scriptPath = GeneralUtility::getFileAbsFileName($GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include'][$eID]);
+               if ($scriptPath === '') {
+                       throw new \TYPO3\CMS\Core\Exception('Registered eID has invalid script path.', 1416391467);
+               }
+               return $scriptPath;
+       }
+
+       /**
         * Load and initialize Frontend User. Note, this process is slow because
         * it creates a calls many objects. Call this method only if necessary!
         *
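Review bot: `getEidScriptPath()` uses the request value as an array key without checking its type. `GeneralUtility::_GP()` can return an array when the parameter is sent as `eID[]=…`, in which case `isEidRequest()` is true and the `isset(...[$eID])` lookup receives a non-scalar offset. On PHP versions where that lookup raises an illegal-offset error instead of returning false, the failure would presumably bypass the intended "not registered" exception. Guarding the type first keeps the behaviour uniform: `if (!is_string($eID) || !$eID || !isset($GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include'][$eID])) {`. The registry lookup itself works as an allow-list, since only paths present in configuration are passed on to `require`.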
@@ -53,7 +81,7 @@ class EidUtility {
         */
        static public function initLanguage($language = 'default') {
                if (!is_object($GLOBALS['LANG'])) {
-                       $GLOBALS['LANG'] = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Lang\LanguageService::class);
+                       $GLOBALS['LANG'] = GeneralUtility::makeInstance(\TYPO3\CMS\Lang\LanguageService::class);
                        $GLOBALS['LANG']->init($language);
                }
        }
@@ -101,7 +129,7 @@ class EidUtility {
                // Cached instance
                static $tsfe = NULL;
                if (is_null($tsfe)) {
-                       $tsfe = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController::class, $GLOBALS['TYPO3_CONF_VARS'], 0, 0);
+                       $tsfe = GeneralUtility::makeInstance(\TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController::class, $GLOBALS['TYPO3_CONF_VARS'], 0, 0);
                }
                return $tsfe;
        }