Commit 2b2ab785 authored by Christian Kuhn's avatar Christian Kuhn Committed by Andreas Fernandez

[TASK] Destroy install tool session on backend user logout

If a system maintainer used the install tool from within the
backend, the install tool session is now explicitly destroyed on logout.

Resolves: #86249
Resolves: #85404
Releases: master
Change-Id: I6bf4f2a724ec85b60854e8f92c00a10e7614f140
Reviewed-on: https://review.typo3.org/58297


Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: default avatarTYPO3com <no-reply@typo3.com>
Tested-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
parent 840fe9b2
......@@ -25,12 +25,14 @@ use TYPO3\CMS\Core\Database\Query\Restriction\BackendWorkspaceRestriction;
use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
use TYPO3\CMS\Core\Database\Query\Restriction\HiddenRestriction;
use TYPO3\CMS\Core\Database\Query\Restriction\RootLevelRestriction;
use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
use TYPO3\CMS\Core\Resource\ResourceStorage;
use TYPO3\CMS\Core\Type\Bitmask\JsConfirmation;
use TYPO3\CMS\Core\Type\Bitmask\Permission;
use TYPO3\CMS\Core\Type\Exception\InvalidEnumerationValueException;
use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Install\Service\SessionService;
/**
* TYPO3 backend user authentication
......@@ -2717,10 +2719,21 @@ This is a dump of the failures:
*/
public function logoff()
{
if (isset($GLOBALS['BE_USER']) && $GLOBALS['BE_USER'] instanceof self && isset($GLOBALS['BE_USER']->user['uid'])) {
\TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get()->clean();
if (isset($GLOBALS['BE_USER'])
&& $GLOBALS['BE_USER'] instanceof self
&& isset($GLOBALS['BE_USER']->user['uid'])
) {
FormProtectionFactory::get()->clean();
// Release the locked records
$this->releaseLockedRecords((int)$GLOBALS['BE_USER']->user['uid']);
if ($this->isSystemMaintainer()) {
// If user is system maintainer, destroy its possibly valid install tool session.
$session = new SessionService();
if ($session->hasSession()) {
$session->destroySession();
}
}
}
parent::logoff();
}
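Review bot: The new install tool cleanup in `logoff()` runs before `parent::logoff()`, so if constructing `SessionService` or calling `destroySession()` throws, the backend session is never terminated and the logout fails open. Ending the backend session should not depend on this best-effort cleanup; wrapping the guarded block in `try { … } finally { parent::logoff(); }` makes the parent call unconditional. Whether those calls can throw is not visible on this page and should be checked against `SessionService`. Separately, the cleanup is skipped whenever `isSystemMaintainer()` is false at logout time; since `hasSession()` already guards the destroy, consider dropping the maintainer condition so a still-valid install tool session is not left behind if that status changes during the session.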
......
......@@ -96,7 +96,10 @@ class BackendUserAuthenticationTest extends UnitTestCase
);
$GLOBALS['BE_USER'] = $this->getMockBuilder(BackendUserAuthentication::class)->getMock();
$GLOBALS['BE_USER']->user = ['uid' => $this->getUniqueId()];
$GLOBALS['BE_USER']->user = [
'uid' => $this->getUniqueId(),
'ses_backuserid' => 0,
];
$GLOBALS['BE_USER']->setLogger(new NullLogger());
/** @var BackendUserAuthentication|\PHPUnit_Framework_MockObject_MockObject $subject */
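Review bot: Nothing visible in this hunk asserts that the install tool session is destroyed on logout; the fixture change only adds `'ses_backuserid' => 0` to the mocked user, presumably so `isSystemMaintainer()` can read it. Because `logoff()` creates the service with `new SessionService()`, a unit test cannot substitute a double; obtaining it through `GeneralUtility::makeInstance(SessionService::class)` would let a test register a mock and expect `destroySession()` to be called once for a maintainer and never otherwise. The test method continues outside the hunk, so an existing assertion may simply not be shown.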
......