[BUGFIX] Don't save form protection error messages in session
authorHelmut Hummel <helmut.hummel@typo3.org>
Sun, 25 Sep 2011 14:52:53 +0000 (16:52 +0200)
committerHelmut Hummel <typo3@helmut-hummel.de>
Sun, 19 Feb 2012 18:25:38 +0000 (19:25 +0100)
Do not persist flash messages in the session if we are in an Ajax context.
A message persisted there would be rendered out of context the next time
the flash message queue is flushed.

Change-Id: Ib63e33b7b57a0058e2b5face375bfecf5a6efed2
Resolves: #30272
Releases: 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/9109
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php
tests/t3lib/formprotection/class.t3lib_formprotection_BackendFormProtectionTest.php

index 315598b..a11877b 100644 (file)
@@ -130,7 +130,8 @@ class t3lib_formprotection_BackendFormProtection extends t3lib_formprotection_Ab
                        ),
                        '',
                        t3lib_FlashMessage::ERROR,
-                       TRUE
+                               // Do not save error message in session if we are in an Ajax action
+                       !(isset($GLOBALS['TYPO3_AJAX']) && $GLOBALS['TYPO3_AJAX'] === TRUE)
                );
                t3lib_FlashMessageQueue::addMessage($message);
        }
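Review bot: The inline comment on the new fourth argument says what is skipped but not why, and the reason matters for a token-validation failure: a session-stored message would be rendered on a later, unrelated page when the queue is next flushed. I would word it as `// Ajax request: keep the message request-local, a session copy would be rendered out of context on the next flush`. With the flag false the message exists only in this request's queue, so whether the user ever learns of the rejected token presumably depends on the Ajax handler returning the queue contents, which is not visible here and is worth confirming. The strict `=== TRUE` also means any other truthy value in `$GLOBALS['TYPO3_AJAX']` still stores the message in the session. The enclosing method starts above this hunk.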
index 7c158be..c4d5884 100644 (file)
  */
 class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase {
        /**
-        * a backup of the current BE user
+        * Enable backup of global and system variables
         *
-        * @var t3lib_beUserAuth
+        * @var boolean
         */
-       private $backEndUserBackup = NULL;
+       protected $backupGlobals = TRUE;
+
+       /**
+        * Exclude TYPO3_DB from backup/ restore of $GLOBALS
+        * because resource types cannot be handled during serializing
+        *
+        * @var array
+        */
+       protected $backupGlobalsBlacklist = array('TYPO3_DB');
+
 
        /**
         * @var t3lib_formprotection_BackendFormProtection
@@ -44,7 +53,6 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
        private $fixture;
 
        public function setUp() {
-               $this->backEndUserBackup = $GLOBALS['BE_USER'];
                $GLOBALS['BE_USER'] = $this->getMock(
                        't3lib_beUserAuth',
                        array('getSessionData', 'setAndSaveSessionData')
@@ -58,9 +66,6 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
        public function tearDown() {
                $this->fixture->__destruct();
                unset($this->fixture);
-
-               $GLOBALS['BE_USER'] = $this->backEndUserBackup;
-
                t3lib_FlashMessageQueue::getAllMessagesAndFlush();
        }
 
@@ -228,6 +233,27 @@ class t3lib_formprotection_BackendFormProtectionTest extends tx_phpunit_testcase
                $this->fixture->createValidationErrorMessage();
 
                $messages = t3lib_FlashMessageQueue::getAllMessagesAndFlush();
+
+               $this->assertNotEmpty($messages);
+               $this->assertContains(
+                       $GLOBALS['LANG']->sL(
+                               'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'
+                       ),
+                       $messages[0]->render()
+               );
+       }
+
+       /**
+        * @test
+        */
+       public function createValidationErrorMessageAddsErrorFlashMessageButNotInSessionInAjaxRequest() {
+               $GLOBALS['BE_USER'] = $this->createBackendUserSessionStorageStub();
+               $GLOBALS['TYPO3_AJAX'] = TRUE;
+               $this->fixture->createValidationErrorMessage();
+
+               $messages = t3lib_FlashMessageQueue::$messages;
+
+               $this->assertNotEmpty($messages);
                $this->assertContains(
                        $GLOBALS['LANG']->sL(
                                'LLL:EXT:lang/locallang_core.xml:error.formProtection.tokenInvalid'