[BUGFIX] Fix PHP warning trigged in getAuthInfoArray() 02/24002/2
authorChristian Finkemeier <c.finkemeier@caw-media.de>
Thu, 8 Aug 2013 13:18:55 +0000 (15:18 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Thu, 26 Sep 2013 21:15:14 +0000 (23:15 +0200)
AbstractUserAuthentication::getAuthInfoArray() calls
$GLOBALS['TYPO3_DB']->cleanIntList() with a possible NULL argument.
This leads to a PHP warning in GeneralUtility::trimExplode().

Resolves: #50913
Relates: #42921
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I42ddf8fed715c5f8ce060e6ca5826ef3ed8f223e
Reviewed-on: https://review.typo3.org/24002
Reviewed-by: Stefan Neufeind
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Tests/Unit/Authentication/AbstractUserAuthenticationTest.php

index 52b4e9c..2780492 100644 (file)
@@ -1326,8 +1326,14 @@ abstract class AbstractUserAuthentication {
                $authInfo['db_user']['userident_column'] = $this->userident_column;
                $authInfo['db_user']['usergroup_column'] = $this->usergroup_column;
                $authInfo['db_user']['enable_clause'] = $this->user_where_clause();
-               $authInfo['db_user']['checkPidList'] = $this->checkPid ? $this->checkPid_value : '';
-               $authInfo['db_user']['check_pid_clause'] = $this->checkPid ? ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($authInfo['db_user']['checkPidList']) . ')' : '';
+               if ($this->checkPid && $this->checkPid_value !== NULL) {
+                       $authInfo['db_user']['checkPidList'] = $this->checkPid_value;
+                       $authInfo['db_user']['check_pid_clause'] = ' AND pid IN (' .
+                               $GLOBALS['TYPO3_DB']->cleanIntList($this->checkPid_value) . ')';
+               } else {
+                       $authInfo['db_user']['checkPidList'] = '';
+                       $authInfo['db_user']['check_pid_clause'] = '';
+               }
                $authInfo['db_groups']['table'] = $this->usergroup_table;
                return $authInfo;
        }
@@ -1517,4 +1523,4 @@ abstract class AbstractUserAuthentication {
 }
 
 
-?>
\ No newline at end of file
+?>
index c86262c..064345d 100644 (file)
@@ -151,6 +151,21 @@ class AbstractUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
                $this->assertEquals($mock->processLoginData($originalData, $passwordSubmissionStrategy), $processedData);
        }
 
+       /**
+        * @test
+        */
+       public function getAuthInfoArrayReturnsEmptyPidListIfNoCheckPidValueIsGiven() {
+               $GLOBALS['TYPO3_DB'] = $this->getMock('TYPO3\\CMS\\Core\\Database\\DatabaseConnection', array('cleanIntList'));
+               $GLOBALS['TYPO3_DB']->expects($this->never())->method('cleanIntList');
+
+               /** @var $mock \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication */
+               $mock = $this->getMock('TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', array('dummy'));
+               $mock->checkPid = TRUE;
+               $mock->checkPid_value = NULL;
+               $result = $mock->getAuthInfoArray();
+               $this->assertEquals('', $result['db_user']['checkPidList']);
+       }
+
 }
 
 ?>
\ No newline at end of file