[BUGFIX] Fix PHP warning in BackendUtility::lockRecords 94/18994/2
authorHelmut Hummel <helmut.hummel@typo3.org>
Sat, 16 Mar 2013 15:29:20 +0000 (16:29 +0100)
committerChristian Kuhn <lolli@schwarzbu.ch>
Sun, 17 Mar 2013 21:30:01 +0000 (22:30 +0100)
This methods triggers a warning "Illegal String offset"
with PHP 5.4, because $GLOBALS['BE_USER']->user['uid'] is accessed
even if a user is not logged in.

Additionally a delete query is executed in this case which
does not make sense at all.

Properly check if a user is logged in before executing any
functionality in this method.

Fixes: #46361
Releases: 4.5, 4.7, 6.0, 6.1
Change-Id: I370e0a8610a55b3d684bef95d7c6905eaaaacbab
Reviewed-on: https://review.typo3.org/18994
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
t3lib/class.t3lib_befunc.php

index 033c73d..a6a7534 100644 (file)
@@ -3459,21 +3459,22 @@ final class t3lib_BEfunc {
         * @see t3lib_transferData::lockRecord(), alt_doc.php, db_layout.php, db_list.php, wizard_rte.php
         */
        public static function lockRecords($table = '', $uid = 0, $pid = 0) {
-               $user_id = intval($GLOBALS['BE_USER']->user['uid']);
-               if ($table && $uid) {
-                       $fields_values = array(
-                               'userid' => $user_id,
-                               'feuserid' => 0,
-                               'tstamp' => $GLOBALS['EXEC_TIME'],
-                               'record_table' => $table,
-                               'record_uid' => $uid,
-                               'username' => $GLOBALS['BE_USER']->user['username'],
-                               'record_pid' => $pid
-                       );
-
-                       $GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_lockedrecords', $fields_values);
-               } else {
-                       $GLOBALS['TYPO3_DB']->exec_DELETEquery('sys_lockedrecords', 'userid=' . intval($user_id));
+               if (isset($GLOBALS['BE_USER']->user['uid'])) {
+                       $user_id = intval($GLOBALS['BE_USER']->user['uid']);
+                       if ($table && $uid) {
+                               $fields_values = array(
+                                       'userid' => $user_id,
+                                       'feuserid' => 0,
+                                       'tstamp' => $GLOBALS['EXEC_TIME'],
+                                       'record_table' => $table,
+                                       'record_uid' => $uid,
+                                       'username' => $GLOBALS['BE_USER']->user['username'],
+                                       'record_pid' => $pid
+                               );
+                               $GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_lockedrecords', $fields_values);
+                       } else {
+                               $GLOBALS['TYPO3_DB']->exec_DELETEquery('sys_lockedrecords', 'userid=' . intval($user_id));
+                       }
                }
        }