[BUGFIX] Password again may be entered alone without error being raised 37/55637/2
authorStanislas Rolland <typo3@sjbr.ca>
Fri, 9 Feb 2018 21:06:53 +0000 (16:06 -0500)
committerStanislas Rolland <typo3@sjbr.ca>
Fri, 9 Feb 2018 21:08:50 +0000 (22:08 +0100)
Problem: In edit mode, one may enter a text in the second password
field (password again) without entering anything in the first field
(password), in which case no error is raised. The entry is silently
ignored.

Solution: Revise password handling in session storage and always issue
error when the second password field does not match the first.

Resolves: #77055
Change-Id: I3bc9fdc8e811aafca93ef895e48c84e4918a6d1f
Reviewed-on: https://review.typo3.org/55637
Reviewed-by: Stanislas Rolland <typo3@sjbr.ca>
Tested-by: Stanislas Rolland <typo3@sjbr.ca>
ChangeLog
Classes/Controller/CreateActionController.php
Classes/Controller/EditActionController.php
Classes/Domain/Data.php
Classes/Request/Parameters.php
Classes/Security/SessionData.php

index f610b70..9a053b7 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 2018-02-09 Stanislas Rolland  <typo3(arobas)sjbr.ca>
        * Resolves #83833: Salutation does not match in registration and response for "Ms" and "Mrs"
+       * Resolves #77055: Password again may be entered alone without error being raised
 
 2018-02-08 Stanislas Rolland  <typo3(arobas)sjbr.ca>
        * Resolves #76119: Profile or password editing fails
index b14d6ab..20096a6 100644 (file)
@@ -74,9 +74,9 @@ class CreateActionController extends AbstractActionController
                        $this->data->parseValues($finalDataArray, $origArray, $cmdKey);
                        $this->data->overrideValues($finalDataArray, $cmdKey);
                        $evalErrors = $this->data->evalValues($finalDataArray, $origArray, $this->marker, $cmdKey, $mode);
-                       // If the two password fields are not equal, clear session data
-                       if (is_array($evalErrors['password']) && in_array('twice', $evalErrors['password'])) {
-                               SessionData::clearSessionData($this->extensionKey);
+                       // If there is an error on password, clear session data
+                       if (!empty($evalErrors['password'])) {
+                               SessionData::clearSessionData($this->extentionKey);
                        }
                        // No preview flag if a evaluation failure has occured
                        if ($this->data->getFailure()) {
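Review bot: The added call passes `$this->extentionKey` where the removed line passed `$this->extensionKey`. EditActionController's unchanged call uses the same `extentionKey` spelling, while Data and Parameters in this commit use `extensionKey`. The property declaration in AbstractActionController is not visible here, so confirm which spelling is declared. If it is `extensionKey`, both controllers would pass null to `clearSessionData()` and the submitted password would likely stay in the session after a validation error. If `extentionKey` really is the declared name, a short comment such as `// property is spelled extentionKey in AbstractActionController` would stop the next reader from "fixing" it; the enclosing method starts and ends outside the hunk.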
index 2cabe3f..80b3adc 100644 (file)
@@ -79,11 +79,11 @@ class EditActionController extends AbstractActionController
                        $this->data->parseValues($dataArray, $origArray, $cmdKey);
                        $this->data->overrideValues($dataArray, $cmdKey);
                        $evalErrors = $this->data->evalValues($dataArray, $origArray, $this->marker, $cmdKey, $mode);
-                       // If the two password fields are not equal, clear session data
-                       if (is_array($evalErrors['password']) && in_array('twice', $evalErrors['password'])) {
+                       // If there is an error on password, clear session data
+                       if (!empty($evalErrors['password'])) {
                                SessionData::clearSessionData($this->extentionKey);
                        }
-                       // No preview flag if a evaluation failure has occured
+                       // No preview flag if an evaluation failure has occured
                        if ($this->data->getFailure()) {
                                $mode = AbstractView::MODE_NORMAL;
                        }
index 5409031..db83a95 100644 (file)
@@ -240,7 +240,7 @@ class Data
                                SecuredData::secureInput($feDataArray, false);
                                $this->modifyRow($feDataArray, false);
                                SessionData::securePassword($this->extensionKey, $feDataArray);
-                               unset($feDataArray['password_again']);
+                               $feDataArray = array_merge($feDataArray, SessionData::readPassword($this->extensionKey));
                                $this->setDataArray($feDataArray);
                        }
                }
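Review bot: The added `array_merge()` line puts whatever `SessionData::readPassword()` returns back into `$feDataArray` after `securePassword()` has run, and `password_again` is no longer removed before `setDataArray()`. readPassword() is not shown, so confirm that it always returns an array and that it maps the `'__UNSET'` sentinel stored by writePassword() back to an empty value. Also confirm that later code strips both password fields before the row is rendered, logged or saved. If the fields are re-added only so that evalValues() can compare them, say so on the line, e.g. `// re-added for the 'twice' check only; removed again before the row is stored`. The enclosing method continues outside the hunk.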
index 8aa4046..3f9f927 100644 (file)
@@ -215,8 +215,9 @@ class Parameters
        {
                if ($this->theTable === 'fe_users' && isset($this->conf['create.']['evalValues.']['password'])) {
                        // Establish compatibility with the extension Felogin
-                       $password = GeneralUtility::_GP('pass');
+                       $password = '';
                        $password_again = '';
+                       $password = GeneralUtility::_GP('pass');
                        $fe = GeneralUtility::_POST('FE');
                        if (isset($fe) && is_array($fe)) {
                                $feDataArray = $fe[$this->theTable];
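Review bot: The added `$password = '';` has no effect, because `GeneralUtility::_GP('pass')` overwrites it two lines later, so `$password` can still be null or an array taken from the request. If a string default is intended, apply it at the read: `$pass = GeneralUtility::_GP('pass');` followed by `$password = is_string($pass) ? $pass : '';`. The same `is_string()` check would fit `$feDataArray['password_again']` in the following hunk, since that value is written to the session unchanged. The method body continues outside the hunk.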
@@ -224,7 +225,7 @@ class Parameters
                                        $password_again = $feDataArray['password_again'];
                                }
                        }
-                       if (isset($password)) {
+                       if (!empty($password) || !empty($password_again)) {
                                SessionData::writePassword($this->extensionKey, $password, $password_again);
                        }
                }
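Review bot: With the new guard `!empty($password) || !empty($password_again)`, a request that submits both fields blank no longer reaches `writePassword()`, so a password stored in the session by an earlier request is not reset to the sentinel. Whether that stale value is used later depends on code outside this diff, but `isset($password) || $password_again !== ''` would keep the old reset and still cover the "password again only" case. Separately, `empty()` treats the string `"0"` as empty, both here and in the two added lines of `SessionData::writePassword()`, so a password of `0` is stored as `'__UNSET'`. A strict comparison such as `(string)$password === ''` avoids that. The method body starts outside the hunk.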
index fb83371..5f3a88a 100644 (file)
@@ -217,18 +217,11 @@ class SessionData
         * @param string $password: the password
         * @return void
         */
-       public static function writePassword($extensionKey, $password, $passwordAgain = '')
+       public static function writePassword($extensionKey, $password = '', $passwordAgain = '')
        {
                $sessionData = self::readSessionData($extensionKey);
-               if ($password === '') {
-                       $sessionData['password'] = '__UNSET';
-                       $sessionData['password_again'] = '__UNSET';
-               } else {
-                       $sessionData['password'] = $password;
-                       if ($passwordAgain !== '') {
-                               $sessionData['password_again'] = $passwordAgain;
-                       }
-               }
+               $sessionData['password'] = empty($password) ? '__UNSET' : $password;
+               $sessionData['password_again'] = empty($passwordAgain) ? '__UNSET' : $passwordAgain;
                self::writeSessionData($extensionKey, $sessionData);
        }