Commit 9636932c authored by Simon Gilli's avatar Simon Gilli Committed by Christian Kuhn

[BUGFIX] Add missing cookie option on install tool logout

Add the samesite cookie option that was missing from the cookie sent
on logout from the install tool; its absence led to an error in the
browser console.

Also, the missing direct dependency to symfony/http-foundation is
added properly with:

* composer require symfony/http-foundation:^5.3.0 -d typo3/sysext/install --no-update

Resolves: #95270
Releases: master, 10.4
Change-Id: I399e3db96bbaaeef7a79caa43ac221a3d5c30f0a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/71122


Reviewed-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
Reviewed-by: Nikita Hovratov's avatarNikita Hovratov <nikita.h@live.de>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
Tested-by: Nikita Hovratov's avatarNikita Hovratov <nikita.h@live.de>
Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
parent 70ce8871
......@@ -182,10 +182,6 @@ parameters:
message: "#^Parameter \\#1 \\$stageRecord of method TYPO3\\\\CMS\\\\Workspaces\\\\Controller\\\\Remote\\\\ActionHandler\\:\\:getRecipientsOfStage\\(\\) expects int\\|TYPO3\\\\CMS\\\\Workspaces\\\\Domain\\\\Record\\\\StageRecord, TYPO3\\\\CMS\\\\Workspaces\\\\Domain\\\\Record\\\\StageRecord\\|null given\\.$#"
count: 1
path: typo3/sysext/workspaces/Classes/Controller/Remote/ActionHandler.php
-
message: "#^Parameter \\#1 \\$name of function setcookie expects string, string\\|false given\\.$#"
count: 1
path: typo3/sysext/install/Classes/Service/SessionService.php
-
message: "#^Parameter \\#4 \\$(col|color) of function imagefill expects int, int\\|false given\\.$#"
count: 1
......
......@@ -71,6 +71,7 @@ class SessionService implements SingletonInterface
);
session_set_save_handler($sessionHandler);
session_name($this->cookieName);
ini_set('session.cookie_secure', GeneralUtility::getIndpEnv('TYPO3_SSL') ? 'On' : 'Off');
ini_set('session.cookie_httponly', 'On');
ini_set('session.cookie_samesite', Cookie::SAMESITE_STRICT);
ini_set('session.cookie_path', (string)GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
......@@ -125,15 +126,15 @@ class SessionService implements SingletonInterface
$this->initializeSession();
$_SESSION = [];
$params = session_get_cookie_params();
setcookie(
session_name(),
'',
time() - 42000,
$params['path'],
$params['domain'],
$params['secure'],
$params['httponly']
);
$cookie = Cookie::create(($sessionName = session_name()) !== false ? $sessionName : $this->cookieName)
->withValue('0')
->withPath($params['path'])
->withDomain($params['domain'])
->withSecure($params['samesite'] === Cookie::SAMESITE_NONE || GeneralUtility::getIndpEnv('TYPO3_SSL'))
->withHttpOnly($params['httponly'])
->withSameSite($params['samesite']);
header('Set-Cookie: ' . $cookie);
session_destroy();
}
}
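Review bot: The logout cookie built by `Cookie::create(...)` no longer carries an expiry. The removed `setcookie()` call passed `time() - 42000`, while the new chain sets `->withValue('0')` and has no `withExpires()` call, so from the visible lines the browser appears to keep a cookie with the session name and the fixed value `0` until it is closed, rather than dropping it. Adding `->withExpires(time() - 42000)` to the chain would restore clear-on-logout while keeping the SameSite attribute. Separately, `header('Set-Cookie: ' . $cookie);` relies on header()'s default replace mode, which discards any Set-Cookie header queued earlier in the request; if that is not intended, `header('Set-Cookie: ' . $cookie, false);` appends instead. The enclosing method begins above the hunk, so whether `initializeSession()` already queues a cookie header cannot be confirmed from here.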
......
......@@ -23,6 +23,7 @@
"guzzlehttp/promises": "^1.4.0",
"nikic/php-parser": "^4.10.4",
"symfony/finder": "^5.3.0",
"symfony/http-foundation": "^5.3.0",
"typo3/cms-core": "11.5.*@dev",
"typo3/cms-extbase": "11.5.*@dev",
"typo3/cms-fluid": "11.5.*@dev"
......