[BUGFIX] Catch invalid Enum value 95/49695/6
authorSascha Egerer <sascha@sascha-egerer.de>
Wed, 31 Aug 2016 19:13:33 +0000 (21:13 +0200)
committerFrans Saris <franssaris@gmail.com>
Thu, 1 Sep 2016 07:51:02 +0000 (09:51 +0200)
To avoid breaking the backend, any exception of the JsConfirmation
must be caught and the default value must be returned.

Resolves: #76719
Releases: master, 7.6
Change-Id: Idfea9ec8aa269ac807bf6936263da9803ea39bf8
Reviewed-on: https://review.typo3.org/49695
Tested-by: Bamboo TYPO3com <info@typo3.com>
Reviewed-by: Sascha Egerer <sascha@sascha-egerer.de>
Tested-by: Sascha Egerer <sascha@sascha-egerer.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Frans Saris <franssaris@gmail.com>
Tested-by: Frans Saris <franssaris@gmail.com>
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/core/Classes/Type/Bitmask/JsConfirmation.php

index 323dea2..c1cf228 100644 (file)
@@ -24,6 +24,7 @@ use TYPO3\CMS\Core\Database\Query\Restriction\RootLevelRestriction;
 use TYPO3\CMS\Core\Resource\ResourceStorage;
 use TYPO3\CMS\Core\Type\Bitmask\JsConfirmation;
 use TYPO3\CMS\Core\Type\Bitmask\Permission;
+use TYPO3\CMS\Core\Type\Exception\InvalidEnumerationValueException;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 /**
@@ -1249,18 +1250,14 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
      */
     public function jsConfirmation($bitmask)
     {
-        $alertPopup = $this->getTSConfig('options.alertPopups');
-
-        if (trim((string)$alertPopup['value']) === '') {
-            // Default: show all confirmations
-            $alertPopup = JsConfirmation::ALL;
-        } else {
-            $alertPopup = $alertPopup['value'];
+        try {
+            $alertPopupsSetting = trim((string)$this->getTSConfig('options.alertPopups')['value']);
+            $alertPopup = JsConfirmation::cast($alertPopupsSetting === '' ? null : (int)$alertPopupsSetting);
+        } catch (InvalidEnumerationValueException $e) {
+            $alertPopup = new JsConfirmation();
         }
 
-        $bitmask = JsConfirmation::cast($bitmask);
-        $alertPopup = JsConfirmation::cast($alertPopup);
-        return $bitmask->matches($alertPopup);
+        return JsConfirmation::cast($bitmask)->matches($alertPopup);
     }
 
     /**
index f8bcf01..2308f04 100644 (file)
@@ -52,6 +52,13 @@ class JsConfirmation extends Enumeration
      */
     const ALL = 255;
 
+    const __default = self::ALL;
+
+    /**
+     * Bitmask of allowed values beside 255
+     *
+     * @var int
+     */
     protected static $allowedValues = self::TYPE_CHANGE | self::COPY_MOVE_PASTE | self::DELETE | self::FE_EDIT | self::OTHER;
 
     /**
@@ -63,7 +70,7 @@ class JsConfirmation extends Enumeration
     public function matches(JsConfirmation $value)
     {
         $value = (int)(string)$value;
-        $thisValue = (int)$this->value;
+        $thisValue = (int)(string)$this;
 
         return ($value & $thisValue) == $thisValue;
     }