Commit ce8d8e30 authored by Felix Kopp's avatar Felix Kopp Committed by Helmut Hummel

[TASK] Secure EXT: beuser database interactions

Wraps database query input in corresponding functions to clean input.
Also fixes a bug in the ViewHelpers so that their output is limited to the uid list passed as parameter.

Change-Id: Ie23babb20ab610193ad06cc4305c31f9e042fb9b
Resolves: #42221
Releases: 6.0
Reviewed-on: http://review.typo3.org/15985
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
parent 3903ee02
......@@ -113,7 +113,10 @@ class BackendUserController extends \TYPO3\CMS\Extbase\Mvc\Controller\ActionCont
}
// Switch user permanently or only until logout
if (\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('SwitchUser')) {
$this->switchUser(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('SwitchUser'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('switchBackUser'));
$this->switchUser(
\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('SwitchUser'),
\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('switchBackUser')
);
}
$compareUserList = $this->moduleData->getCompareUserList();
$this->view->assign('demand', $demand);
......@@ -221,5 +224,4 @@ class BackendUserController extends \TYPO3\CMS\Extbase\Mvc\Controller\ActionCont
}
?>
\ No newline at end of file
......@@ -129,5 +129,4 @@ class BackendUser extends \TYPO3\CMS\Extbase\Domain\Model\BackendUser {
}
?>
\ No newline at end of file
......@@ -73,5 +73,4 @@ class BackendUserGroup extends \TYPO3\CMS\Extbase\DomainObject\AbstractEntity {
}
?>
\ No newline at end of file
......@@ -161,5 +161,4 @@ class Demand extends \TYPO3\CMS\Extbase\DomainObject\AbstractEntity {
}
?>
\ No newline at end of file
......@@ -91,5 +91,4 @@ class ModuleData {
}
?>
\ No newline at end of file
......@@ -32,8 +32,6 @@ namespace TYPO3\CMS\Beuser\Domain\Repository;
*/
class BackendUserGroupRepository extends \TYPO3\CMS\Extbase\Persistence\Repository {
}
?>
\ No newline at end of file
......@@ -40,7 +40,7 @@ class BackendUserRepository extends \TYPO3\CMS\Extbase\Domain\Repository\Backend
*/
public function findByUidList($uidList) {
$query = $this->createQuery();
return $query->matching($query->in('uid', $uidList))->execute();
return $query->matching($query->in('uid', $GLOBALS['TYPO3_DB']::cleanIntArray($uidList)))->execute();
}
/**
......@@ -57,7 +57,10 @@ class BackendUserRepository extends \TYPO3\CMS\Extbase\Domain\Repository\Backend
$query->setOrderings(array('userName' => \TYPO3\CMS\Extbase\Persistence\QueryInterface::ORDER_ASCENDING));
// Username
if ($demand->getUserName() !== '') {
$constraints[] = $query->like('userName', '%' . $demand->getUserName() . '%');
$constraints[] = $query->like(
'userName',
'%' . $GLOBALS['TYPO3_DB']->escapeStrForLike($demand->getUserName(), 'be_users') . '%'
);
}
// Only display admin users
if ($demand->getUserType() == \TYPO3\CMS\Beuser\Domain\Model\Demand::USERTYPE_ADMINONLY) {
......@@ -86,7 +89,12 @@ class BackendUserRepository extends \TYPO3\CMS\Extbase\Domain\Repository\Backend
// In backend user group
// @TODO: Refactor for real n:m relations
if ($demand->getBackendUserGroup()) {
$constraints[] = $query->logicalOr($query->equals('usergroup', $demand->getBackendUserGroup()->getUid()), $query->like('usergroup', $demand->getBackendUserGroup()->getUid() . ',%'), $query->like('usergroup', '%,' . $demand->getBackendUserGroup()->getUid()), $query->like('usergroup', '%,' . $demand->getBackendUserGroup()->getUid() . ',%'));
$constraints[] = $query->logicalOr(
$query->equals('usergroup', intval($demand->getBackendUserGroup()->getUid())),
$query->like('usergroup', intval($demand->getBackendUserGroup()->getUid()) . ',%'),
$query->like('usergroup', '%,' . intval($demand->getBackendUserGroup()->getUid())),
$query->like('usergroup', '%,' . intval($demand->getBackendUserGroup()->getUid()) . ',%')
);
$query->contains('usergroup', $demand->getBackendUserGroup());
}
$query->matching($query->logicalAnd($constraints));
......@@ -123,5 +131,4 @@ class BackendUserRepository extends \TYPO3\CMS\Extbase\Domain\Repository\Backend
}
?>
\ No newline at end of file
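Review bot: On the new findByUidList line, cleanIntArray is invoked with `::` on the object held in $GLOBALS['TYPO3_DB'], whereas every other hunk in this commit calls the connection's cleaning helpers with `->` (cleanIntList, escapeStrForLike). If cleanIntArray is an instance method like its siblings, this is a static call to a non-static method: it runs without $this and raises an E_STRICT notice, which TYPO3's error handler may turn into an exception depending on configuration. Use `$GLOBALS['TYPO3_DB']->cleanIntArray($uidList)` to match the rest of the change. In the usergroup hunk further down, `$query->contains('usergroup', $demand->getBackendUserGroup());` builds a constraint whose return value is discarded, so the statement has no effect and should either be appended to $constraints or removed. Both findByUidList and the demand-based method continue outside their hunks.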
......@@ -41,7 +41,13 @@ class BackendUserSessionRepository extends \TYPO3\CMS\Extbase\Persistence\Reposi
*/
public function findByBackendUser(\TYPO3\CMS\Beuser\Domain\Model\BackendUser $backendUser) {
$sessions = array();
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('ses_id AS id, ses_iplock AS ip, ses_tstamp AS timestamp', 'be_sessions', 'ses_userid = "' . $backendUser->getUid() . '"', '', 'ses_tstamp ASC');
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
'ses_id AS id, ses_iplock AS ip, ses_tstamp AS timestamp',
'be_sessions',
'ses_userid = "' . intval($backendUser->getUid()) . '"',
'',
'ses_tstamp ASC'
);
while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
$sessions[] = array(
'id' => $row['id'],
......@@ -54,5 +60,4 @@ class BackendUserSessionRepository extends \TYPO3\CMS\Extbase\Persistence\Reposi
}
?>
\ No newline at end of file
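Review bot: The new WHERE clause wraps the intval() result in double quotes, `'ses_userid = "' . intval($backendUser->getUid()) . '"'`; now that the value is guaranteed numeric the quotes add nothing, and under MySQL's ANSI_QUOTES sql_mode double quotes delimit identifiers rather than strings, which would make the query fail. Prefer `'ses_userid = ' . intval($backendUser->getUid())`, or the connection's fullQuoteStr() if a quoted literal is actually wanted. The result resource from exec_SELECTquery is also never released with sql_free_result($res) once the loop finishes. The method body continues past the end of the hunk.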
......@@ -69,5 +69,4 @@ class SwitchBackUserHook {
}
?>
\ No newline at end of file
......@@ -38,6 +38,7 @@ class ModuleDataStorageService implements \TYPO3\CMS\Core\SingletonInterface {
* @var string
*/
const KEY = 'tx_beuser';
/**
* @var \TYPO3\CMS\Extbase\Object\ObjectManagerInterface
* @inject
......@@ -71,5 +72,4 @@ class ModuleDataStorageService implements \TYPO3\CMS\Core\SingletonInterface {
}
?>
\ No newline at end of file
......@@ -40,8 +40,14 @@ class PagesViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelpe
if (!$uids) {
return '';
}
$content = '';
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid, title', 'pages', 'uid IN (' . $uids . ')', 'uid ASC');
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
'uid, title',
'pages',
'uid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($uids) . ')',
'uid ASC'
);
while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
$content .= '<li>' . $row['title'] . ' [' . $row['uid'] . ']</li>';
}
......@@ -50,5 +56,4 @@ class PagesViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelpe
}
?>
\ No newline at end of file
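Review bot: The loop body that remains on the new side, `$content .= '<li>' . $row['title'] . ' [' . $row['uid'] . ']</li>';`, writes the title column into HTML without escaping, so a title containing markup is emitted verbatim; the same line appears in the SysFileMountsViewHelper and SysLanguageViewHelper hunks. Wrap it as `htmlspecialchars($row['title'])`, while uid is an integer column and can stay as is. The cleanIntList() applied to $uids is the right fix for the IN clause, but the result resource is never freed with sql_free_result($res) after the loop. The enclosing method begins before the hunk and ends after it.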
......@@ -40,8 +40,14 @@ class SysFileMountsViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractV
if (!$uids) {
return '';
}
$content = '';
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid, title', 'sys_filemounts', '', 'title ASC');
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
'uid, title',
'sys_filemounts',
'uid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($uids) . ')',
'title ASC'
);
while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
$content .= '<li>' . $row['title'] . ' [' . $row['uid'] . ']</li>';
}
......@@ -50,5 +56,4 @@ class SysFileMountsViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractV
}
?>
\ No newline at end of file
......@@ -40,8 +40,14 @@ class SysLanguageViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractVie
if (!$uids) {
return '';
}
$content = '';
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid, title, flag', 'sys_language', '', 'title ASC');
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
'uid, title, flag',
'sys_language',
'uid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($uids) . ')',
'title ASC'
);
while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
$content .= '<li>' . $row['title'] . ' [' . $row['uid'] . ']</li>';
}
......@@ -50,5 +56,4 @@ class SysLanguageViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractVie
}
?>
\ No newline at end of file
......@@ -49,5 +49,4 @@ class SelectDefaultValueViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\Sel
}
?>
\ No newline at end of file
......@@ -48,5 +48,4 @@ class IssueCommandViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractVi
}
?>
\ No newline at end of file
......@@ -50,5 +50,4 @@ class SectionViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHel
}
?>
\ No newline at end of file
......@@ -66,5 +66,4 @@ class SpriteIconForRecordViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Be\Abst
}
?>
\ No newline at end of file
......@@ -45,5 +45,4 @@ class SpriteManagerIconViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Be\Abstra
}
?>
\ No newline at end of file
......@@ -47,5 +47,4 @@ class SwitchUserViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractView
}
?>
\ No newline at end of file