Commit 46c1c10c authored by Frans Saris's avatar Frans Saris Committed by Markus Klein

[BUGFIX] Redirect BE user to login on invalid module/route token

Resolves: #69763
Releases: master, 7.6
Change-Id: I2d9e80b7c669c55067690aedf5a7c91256d7c28b
Reviewed-on: https://review.typo3.org/50660

Reviewed-by: Nicole Cordes's avatarNicole Cordes <typo3@cordes.co>
Reviewed-by: default avatarStefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: default avatarStefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
parent b647e014
......@@ -16,6 +16,7 @@ namespace TYPO3\CMS\Backend\Http;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Backend\Routing\Exception\InvalidRequestTokenException;
use TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException;
use TYPO3\CMS\Core\Core\Bootstrap;
use TYPO3\CMS\Core\Http\RequestHandlerInterface;
......@@ -68,7 +69,14 @@ class RequestHandler implements RequestHandlerInterface
$this->boot($pathToRoute === '/login');
// Check if the router has the available route and dispatch.
return $this->dispatch($request);
try {
return $this->dispatch($request);
// When token was invalid redirect to login
} catch (InvalidRequestTokenException $e) {
$url = GeneralUtility::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir;
\TYPO3\CMS\Core\Utility\HttpUtility::redirect($url);
}
}
/**
......
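Review bot: The new catch branch discards `$e` without recording anything, so a rejected module/route token leaves no trace, although a failed token check on a backend route is the signal one would want when investigating a forged or stale request. Log the route path and the exception message before the redirect. The branch also has no `return` and appears to rely on `HttpUtility::redirect()` ending the request; a comment such as `// redirect() terminates the request, so no response is returned from this branch` would make that dependency explicit. `GeneralUtility` is used unqualified while `HttpUtility` is fully qualified on the next line, and no `use` for `GeneralUtility` is visible in the import hunk, so confirm it is imported further down. The enclosing method starts outside the hunk.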
......@@ -16,7 +16,7 @@ namespace TYPO3\CMS\Backend\Http;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException;
use TYPO3\CMS\Backend\Routing\Exception\InvalidRequestTokenException;
use TYPO3\CMS\Backend\Routing\Route;
use TYPO3\CMS\Backend\Routing\Router;
use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
......@@ -46,7 +46,7 @@ class RouteDispatcher extends Dispatcher implements DispatcherInterface
$route = $router->matchRequest($request);
$request = $request->withAttribute('route', $route);
if (!$this->isValidRequest($request)) {
throw new RouteNotFoundException('Invalid request for route "' . $route->getPath() . '"', 1425389455);
throw new InvalidRequestTokenException('Invalid request for route "' . $route->getPath() . '"', 1425389455);
}
$targetIdentifier = $route->getOption('target');
......
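Review bot: The replacement throw reuses code 1425389455, which previously identified the RouteNotFoundException at this spot, so the same code now points at two exception types across releases. Giving the new type its own code keeps log searches unambiguous, e.g. `throw new InvalidRequestTokenException('Invalid request for route "' . $route->getPath() . '"', <new unique code>);`. As added in this commit, InvalidRequestTokenException extends `\TYPO3\CMS\Core\Exception` rather than RouteNotFoundException, so any other caller of this dispatcher that catches only RouteNotFoundException will no longer handle a failed token check. Callers other than RequestHandler are not visible here and should be checked. The enclosing method begins and ends outside the hunk.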
<?php
namespace TYPO3\CMS\Backend\Routing\Exception;
/*
* This file is part of the TYPO3 CMS project.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/
/**
* Exception thrown when request token was invalid
*/
class InvalidRequestTokenException extends \TYPO3\CMS\Core\Exception
{
}